echo: virus_info
to: ALL
from: RICHARD ST. JOHN
date: 1997-04-24 12:21:00
subject: AOL4FREE Hoax

Found this on the WWW.VIRUSBTN.COM web page, as well as a variant on the
SYMANTEC page. Thought some of you might like to see it.
RS
---------------------------------------------------------------------------
                   AOL4FREE: All things to all people...
Denizens of the Internet have, of late, been besieged by an ever-increasing
number of confusing warnings, most (but not all) of which turn out to be
hoaxes. Can there be anyone out there who has not heard of Good Times? This
hoax, which started more than two years ago, confused and worried a huge
number of people -- and the confusion continued when a virus writer
produced a perfectly normal DOS executable-infecting virus with the text
'Good Times' included inside. Wisely, the anti-virus industry decided to
call it GT-Spoof instead.
Of late, the confusion has been related to something called AOL4FREE. To
Virus Bulletin's knowledge, there are three separate entities known as
AOL4FREE; these are:
   * A program designed to get free time on American OnLine.
   * The hoax mentioned above, origin sometime in early 1997.
   * Again in early 1997, a trojan horse. More details of this latest
     incarnation are given below.
                   --------------------------------------
The hack
In 1995, a student at Yale named Nicholas Ryan wrote a Macintosh program
called AOL4FREE, designed to get free access to America OnLine. Early in
1997, he allegedly pleaded guilty to charges of computer crime in the US.
                   --------------------------------------
The hoax
In early 1997, warnings circulated the 'Net about something called
AOL4FREE. One such warning received by Virus Bulletin reads:
     Anyone who receives this [warning] must send it to as many people
     as you can. It is essential that this problem be reconciled as
     soon as possible. A few hours ago, someone opened an E-mail that
     had the subject heading of "AOL4FREE.COM". Within seconds of
     opening it, a window appeared and began to display all his files
     that were being deleted. He immediately shut down his computer,
     but it was too late. This virus wiped him out. It ate the
     Anti-Virus Software that comes with the Windows '95 Program along
     with F-Prot AVS. Neither was able to detect it. Please be careful
     and send this to as many people as possible, so maybe this new
     virus can be eliminated.
No vendor at the time could find any trace of any such virus, and indeed,
the warning given above sounds not dissimilar to the Good Times hoax -- it
has the same characteristic of a user having everything on his computer
deleted simply by opening an email message.
                   --------------------------------------
The Trojan
Finally, in April 1997, a Trojan Horse (a program which claims to do one
thing, but in fact does another) was discovered. Called AOL4FREE.COM, this
program was compiled with BAT2EXEC (a utility to convert batch files to
directly executable code), and when run simply performs a 'deltree' on the
root of the computer's C: drive.
                   --------------------------------------
Conclusions
At this time, it appears that the Trojan Horse AOL4FREE.COM described above
was written in order to capitalise on the confusion and doubt surrounding
the hoax alert, also described above. There are several important points to
note here:
   * Firstly, the Trojan Horse does not match the characteristics described
     in the alert.
   * A Trojan Horse is not a virus -- a Trojan Horse does not replicate.
   * The behaviour described in the alert has not been seen in any virus or
     Trojan Horse to date.
   * The Internet user is extremely unlikely to encounter a copy of
     AOL4FREE.COM. Trojan Horses, by their very nature, do not survive well
     in the real world. If you see such a file, do not download or execute
     it, but click this link to mail Virus Bulletin and tell us where you
     found it.
                               Virus Bulletin Technical Support, 19970420.
--- GEcho 1.20/Pro
---------------
* Origin: Slings & Arrows BBS St. Louis, Mo. (1:100/205.0)

SOURCE: echomail via exec-pc
