BugHunter Signature Update 05.08.2007
Posted by Dustin Cook on May 9th, 2007


http://bughunter.it-mate.co.uk/NEWSIG.TXT

What's new in this signature database update?
May 8th, 2007

Additions:

Backdoor.Agent.YPN
Backdoor.IRCBot.ABC
Exploit.Ani
Exploit.FrogJpg (+5)
Trojan.Agent.8081
Trojan.Clicker.Delf.Hk
Trojan.DNSChanger.BF
Trojan.Downloader.Delf.Bjy
Trojan.Downloader.Mald.A (+4)
Trojan.Downloader.Tibs.Kv
Trojan.Downloader.Zlob.Bth (+2)
Trojan.FakeAlert.DS
Trojan.FakeAlert.DT
Trojan.FakeCodecs (+13)
Trojan.Peed.Gen
Trojan.PWS.Tanspy.E
Trojan.Spy.Agent.ABW
Trojan.Spy.Bzub.Iq
Unclassified Trojan (+4)

Total now stands at 8,219 signatures for malware.

A separate updating program is available on the site; you can download
it, unzip it to c:\bughunt and run bhoupdater.bat; it will check the
server and download the most recent version, automatically replacing the
old copy if one is present. You don't have to check the site now for
updates or rely on me to post them here. Just run the updater once every
few days, if something is new, you'll get it.

http://bughunter.it-mate.co.uk


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

Posted by kurt wismer on May 9th, 2007


Dustin Cook wrote:
[snip]
bho updater? that's a rather unfortunate name... who wants to update
bho's? i thought the point was to get rid of them...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Posted by 4Q on May 9th, 2007


Dustbin Cook wrote:

<snip>

*HAHAHA* Just as predicted the slippery
slope to full Trojan takeover. Funny
that Lord BugShit would use a batch file
and Wget (okay as a solution btw) instead
of his StormTrooper auto-update virus
(much braggarted about)

*more*

4Q page about BugShit is riding high in most of the Internet search
engines,
using "BugHunter" as the search term.
In the top 20 for MSN, Altavista, Yahoo,
(and reached 13 on Google, before Google
hiccupped and dropped it -- should be back
in top 20 in the next few days)


4Q
http://fourq.host.sk <-- Top page for BugShit tribute!


Posted by Dustin Cook on May 9th, 2007


kurt wismer <kurtw@sympatico.ca> wrote in news:f1sean$l5a$1
@registered.motzarella.org:

I didn't write the batch file nor the applications included with it. It was
sent to me via an email and I was given permission to make use of it if I
so desired. I thought the thing may be useful to some, so it's offered on
the site for those who like "updating" without having to check the website.




--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml


Posted by Dustin Cook on May 9th, 2007


4Q <paul_zest@hushmail.com> wrote in news:1178750012.093298.209880
@e51g2000hsg.googlegroups.com:

Hi 4Q.

For reasons I don't wish to disclose to you at this time, BugHunter does
not currently have any built in code to talk over the internet. I
appreciate the fact you find the solution okay. I obviously cannot take
credit for any aspect of it, as Luis Augusto did it.

You will never be able to make good on that trojan claim, ever. Each
time you claim it's a trojan or that it's going to become one, you make
more people interested in it. More people download and apparently like
the program based on the number of emails I'm getting. *grin*. While this
is occurring, you're proving what I said you were years ago, a trolling
fucking moron. *hehehe*

Keep up the excellent work!

Yep, although my site continues to maintain 1st place, and likely will
continue to do so as more sites pick up my program and begin hosting it.


I've apparently annoyed you to the point where I have full props right on
your main site, no further need to click thru pointless links of extra
BS. <g>

It's perfectly okay with me for your site to be in existence, I can
freely reference it and point out the various ways in which your program
and mine are not the same. Yours is poorly written and very inefficient,
as I've commented previously.


top 20? That's pathetic, various review sites maintain higher page ranks
than yourself; and you can't get my pagerank, 1st place *hahaha*

You know, the tribute/satire thing will only protect you so far. It's a
fine line between that and having to explain yourself in a courtroom.
Despite what you might like to believe, you are at this point treading in
potentially real life harming territory. And nobody, including you, is
really entirely anonymous on the net.

I don't mind games 4q, and I'm not threatening you in any way at this
point, I'm just letting you know, I'm staying within the confines of the
law for a specific reason. To clue you in, Yes, At some point, I will
take legal action against you, not really to defend BugHunter, but to
make an example of you. The more you help me make my future case, the
happier I am. You seem to think you can just write this or that claim on
reputable software and receive no fallout from intentionally misleading
people. You won't be able to remain anonymous forever, as with pcbutts,
someone will tire of your games, and leak the information required to
contact you for a discussion with a legal department.

Your trolling friends whom you have full support of, should have at least
emailed you of this risk you're posing yourself. The statute of limitations
is up for my previous crimes, kiddo. You're making bogus claims in an
effort to discredit a legitimate program, don't make the mistake of
assuming you're safe forever. While you are in fact based in the uk, You're
not beyond the reach of legal resolution to our problem.





--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml


Posted by 4Q on May 9th, 2007


Dustbin Cook wrote:
*ROFL* See you in court then, you foam
frothing koOK.

4Q
http://fourq.host.sk


Posted by What's in a Name? on May 10th, 2007


After much thought, 4Q aka Lord of Shit came up with this jewel:

pot calling kettle

AUK crosspoast removed
--
Virus Removal Instructions http://home.neo.rr.com/manna4u/
Keeping Windows Clean http://home.neo.rr.com/manna4u/keepingclean.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET. Feel free to use it yourself.

Posted by 4Q on May 16th, 2007


Dustin Cook wrote:
Maybe you need to learn to read before
you step on your dick again, Lord BugShit

"BugShit" is #1 on www.msn.com
"BugShit" is #1 on search.yahoo.com
"BugShit" is #1 on altavista.com

Now wiggle like a good little worm ;]]


4Q
http://fourq.host.sk <-- See how easy
it is to cobble a BugShit like program
together using bASIC.



=====================================

*bad analysis* from Dustbin Cook.
He just doesn't like the fact that a
non-ASIC coder can knock up a simple
script that does the same function as
his (worked on for 2-3yrs) masterpiece.

Also he distorts the facts regarding
maliciousness authoring and spreading
of malware. He's trying to compare like
with like.

*Years of spreading virus and malware
with the intention of getting his crap
into the wild. (Dustbin Cook as Raid[SLAM))

against

*Writing an article for a magazine
discussing ideas and taking care not to
cross the line. (me)

He might as well paint Peter Szor and
Kris Kaspersky with the same brush if
discussing and publishing ideas without
malicious intent is his like for like.





"(not his own)" you fuckin idiot MD5
is(was) the industry standard for
checksumming files and producing a oneway
hash developed by world renowned
crypto-scientist Rov Rivest (Hash clash
discovered by Chinese crypto-researcher
in 2004)



Not at all idiot, the site gives a
basic critique of BugShit and its
malicious author Dustbin Cook. The
code is a hacked prototype to demonstrate
how simple it is to knock up a checksum
checker in a few minutes. (not 2-3yrs).
It's quite clear from the description
that the code isn't meant to be much
more than a showcase of how simple it
is to knock up a cobbled together script.

If I was to code such a program for real
it would be written in 32bit C++ with a
proper user interface with full reporting
facilities.



Fucking idiot. Add any MD5 checksum of
any malware variants to XLIST.TXT and
they will be detected.


Fucking idiot. You can't read for shit
can you! "drive c:" Where does it
even mention drive C? it's --> H <--
you utter fuckstain. Drive H was a
little partition setup for testing.
And it's obvious from the fact it was
a demo that the program doesn't check
anything aside from that demo partition,
otherwise I would have recursively
checked for all drives or used LOCATE
with some params.

That demo checks every file and wastes
CPU time because it was designed as a
simple prototype not a production release.
It wasn't a Beta release or even an Alpha
release and no binary was given BECAUSE
my thickheaded friend the intention was
to demo how simple code can be knocked up in
a few minutes to do a very basic function
of scanning a set of files against a
checksum list. (see above notes about
C++ and user interface above for more
clues)


A simple CRC checker (not recommended
for use in any serious security
applications). [ Tripwire *industry
standard integrity checker* for example
uses Rov Rivest MD5 ]

Read that as Dustbin's inability to
write such 3rd party programs. After
all how is he going to read NTFS or FAT32
from his 16bit BASIC application? bASIC
was designed for very old DOS systems
FAT16 (no long filename support).
No wonder he won't release any source
code for his pile of crap, let's see him
handle NTFS with int13 from his 16bit
platform.


Don't forget I didn't cut and paste
bits and pieces from old virus code
(like you did) and I wrote from scratch
whilst cooking my meal, watching TV,
and coffee moments

Very misleading. I wrote the code as
an easy to understand "bASIC" program
uppercase for keywords and parenthesis
around functions for clarity. You need
to re-read what Kadaitcha Man had to
say about your scriddle skrit code
http://fourq.host.sk/chars/Dustin_Cook/
follow the link to the parts with Dustbin
bad bASIC code and anyone can see the
dimbulb has no place to talk about anyone
else's code. )


And don't forget I code in C/C++ not
bASIC. Perhaps you should ask Guillermito
if he will send you some of my object
oriented C++ A.L. work, was published on
Coderz.net Then come back and compare
your standard of coding with mine.



Why don't you release some of your
"pinto" source code. Let's say one of
your 1.9 BugShit versions complete
with compile instructions so we can
take a look at your mastery of programming.


*hah* Smokescreen. You with a long long
history of maliciousness and releasing
virus malware into the wild expect people
to believe you can be trusted. It's like
asking a reformed bankrobber to look
after a savings trust.



See notes above


4Q


Posted by 4Q on May 16th, 2007


4Q wrote:

*Oops* Rov Rivest = Ron Rivest

I don't even know what Rov would be
short for. Rov(er) the dog perhaps?

4Q


Posted by Dustin Cook on May 16th, 2007


4Q <paul_zest@hushmail.com> wrote in
news:1179329750.101349.153500@e65g2000hsc.googlegroups.com:

"BugShit" isn't "BugHunter", 4Q. Who's dancing?

yet it took you 2 hours or so? Hehhe..

Oh, the analysis wasn't as thorough as I could have been. I focused on a
few problems and differences between our work, not all of them.

I'm distorting nothing. I haven't authored a destructive program since
2000; And everyone including you knows it. You're trying to use what I've
done in the past to say that I'm the same now. You just don't want to
face the facts I got tired of doing stupid vx things and decided to do
something useful. I believed you originally called me a turncoat for
this. I don't see myself as a traitor 4Q, I do not target viruses, I have
no interest nor desire in viral detection. Worms are a subset (depending
on who you ask) of viruses, but I don't see them as real viruses, and
therefore, I don't see my detecting them is turncoating. You do. We
differ.


virus and malware? You make as much sense as the statement "new and
improved."

I already admitted to what I've done, 7+ years ago. Get over it. Big Bad
Raid doesn't owe you a damn thing!

Nice try. You provided functional source code and an easy to follow flow
chart. You went to the other side of the line, jerk.

When my source code was published, it wasn't functional without some
effort on the person's part trying to compile it.

Give it up. A totally unfair comparison. Nothing you do is without
malicious intent. You are not in the same league as those individuals,
you're nothing compared to them. Please don't insult their intelligence by
thinking anyone should compare you or your actions to that of theirs.

And why don't you tell everyone about a collision hash with md5?
http://it.slashdot.org/article.pl?sid=05/09/23/0618252

Never mind, they can click the link.


In what possible way at this point in time is the program known as
BugHunter malicious 4Q? Can you defend the claim and the justification
for md5ing it to your program?

Considering you're shelling to md5 for the actual math work, I'd expect
even you to be able to write something like what you did.

The code was supposed to demonstrate the basics for what BugHunter is
doing, but it fails to do so. Your script is so generically natured, it's
no better than Dr Solly's perfect scanner.

And still as inefficient?


Re-Read what I said. Never mind, I'll write it simpler. You will require
two unique md5 signatures to validate the fact file a and file b are the
same minus a couple of random byte changes. IE: As I said, *Your* program
will *miss* anything that's even slightly different than another, even if
they are the same. In the spyware industry, you're as useful as pcbutts.

A single md5 database checksummer isn't used in the industry for a reason
4Q, and this is one of them. You do not understand how the BugHunter
program works, and this is painfully obvious.


c: typo, sorry. See Above concerning who can't read.
Anything to dispute in the paragraph?

Wait.. Aren't you whining because I use LOCATE? Yes, yes you are. Why can
you use it then?

It was designed as something that was supposed to be similar to
BugHunter, for a comparison. Your program isn't even close. Your
algorithms (heheheh) aren't even close.

It's very sloppy and extremely generic. Slightly above pcbutts coding
ability I'm sure, but probably not much.

Sure, if I was using a checksum list. But then, I'd waste time like you
and checksum every file... You really don't have a clue how it works..
lol.

Just so you know, Some individuals reading along do know exactly how
BugHunter works, so you're only embarrassing yourself now. *grin*

BugHunter isn't a simple crc checker. And I wouldn't recommend someone
use a simple crc checker in any security program, either. Tripwire isn't
a malware scanner.

4Q, The file system is transparent to the program.
As a fellow programmer? (heh) you should have known that. I'm not
accessing data on a sector or direct hardware level, so the filesystem
doesn't matter. If you can see the drive in dos/console, BugHunter can
too. It's as simple as that.

Actually, if I really wanted to support long filenames, I could. Extended
interrupts do provide access to them. Just ask Art. He's written a few
things in QuickBasic which display and access long filenames in dos fine.

That's been available since windows95 you know, Long filename support for
dos programs that wanted to bother.

As I don't access the hard disk via the bios, why would I need to access
the ntfs file system directly?

You keep calling it a pile of crap, yet it continues to get awards and
nice reviews and support. It's still one of the fastest (if not the
fastest) scanners available, for dos or windows. I've corrected every
issue reported concerning it too. In what way is it a pile of crap?

I don't recall any of my virus code having an interface, like BugHunter
does. Are you going to accuse me of stealing my own code now too?
The fact my code is written/commented well enough that it can be adapted
for use in other programs is a good thing, I'm sorry you're such a sloppy
programmer that yours is that app specific. If you can't reuse some of
your code, you can't code. Period.



Kadaitchman got his ass handed to him trying to correct my code.
Remember? I posted working code, his corrections resulted in non
functional code. He backpedaled ever since. He did so poorly, his code
wouldn't compile if you tried; And I didn't have to try to know this,
despite his backpedaling claim saying otherwise.

You're going to need more reliable witnesses on your side, He's a chump.

The fact asic isn't something you're too familiar with isn't a valid excuse
to defend such poor programming. Remember, you invited this by trying to
pass that pos code of yours off as something even remotely close to
BugHunter. If that's the best imitation you can do for me, I'm
disappointed. You're a lousy fan.
Heh, BugHunter is by no means a pinto. Only a moron would think of yours
as the Mustang. Source code isn't available, and as a programmer, you
shouldn't need it to figure out how the program runs. Unless, you're just
not as good as you're trying to pass yourself off to be.


So you have no way of backing the statement up then? I didn't think so.
You couldn't back up the initial claim that it was already a trojan, so I
didn't really expect a good defense on this claim of yours either. I was
hoping you'd respond in a fashion such as this to show everyone else what
your real intentions are. As if everyone hasn't figured you out by now.

Please do. Also note,

4Q's website: nothing useful to be found.
My website: a program which will remove over 8,500 malicious executables
and scripts.

Does it really take a rocket scientist to see what's useful and what's a
waste of webspace?


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
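
The point argued in the post above, that a whole-file MD5 list needs a separate entry for every variant that differs by even a couple of bytes, shown as an added example (not code from either poster or from BugHunter). The files, the marker bytes and the label `Demo.Constructed` are constructed for illustration, and the byte-pattern scan is a generic contrast, not a description of how BugHunter matches files.

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk.
# MARKER is a made-up byte sequence, not taken from any real sample.
MARKER = b"\xde\xad\xbe\xefCONSTRUCTED-DEMO-BODY\x13\x37"
VARIANT_A = b"MZ" + b"\x00" * 30 + MARKER + b"\x00" * 16
# Same content with two filler bytes changed ("file a" and "file b" in the post).
VARIANT_B = VARIANT_A[:10] + b"\x41\x42" + VARIANT_A[12:]
CLEAN = b"MZ" + b"\x00" * 30 + b"ordinary constructed program data"

FILES = {
    "variant_a.bin": VARIANT_A,
    "variant_b.bin": VARIANT_B,
    "clean.bin": CLEAN,
}


def md5_hex(data):
    """Whole-file MD5 as a hex string, the kind of value kept in a hash list."""
    return hashlib.md5(data).hexdigest()


def hash_scan(files, known_hashes):
    """Exact-match scan: flag a file only if its whole-file MD5 is listed."""
    return sorted(n for n, d in files.items() if md5_hex(d) in known_hashes)


def pattern_scan(files, signatures):
    """Content scan: flag a file if it contains any listed byte sequence."""
    hits = {}
    for name, data in files.items():
        for label, pattern in signatures.items():
            if pattern in data:
                hits[name] = label
                break
    return hits


def entries_needed(files, names):
    """Distinct hash-list entries required to cover the named files."""
    return len({md5_hex(files[n]) for n in names})


def run_demo():
    one_hash = {md5_hex(VARIANT_A)}
    two_hashes = one_hash | {md5_hex(VARIANT_B)}
    both = ["variant_a.bin", "variant_b.bin"]
    return {
        "hash_list_1_entry": hash_scan(FILES, one_hash),
        "hash_list_2_entries": hash_scan(FILES, two_hashes),
        "pattern_1_entry": pattern_scan(FILES, {"Demo.Constructed": MARKER}),
        "hash_entries_for_both": entries_needed(FILES, both),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

A byte-pattern signature covers both variants with one entry, but it can match unrelated files that happen to contain the same bytes, so pattern choice and false-positive testing matter.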


Posted by 4Q on May 18th, 2007


Lord BugShit wrote:
<snip>


When people refer to a generic vacuum
cleaner they say "A Hoover". You don't
have to thank me for naming your generic
Hooveroid "BugShit" ;]]


<snip crap of Dustbin crying about not
being able to escape his maliciousness>




MD5
===

Slowhead what have I told you about
letting your head catch up with your
typing fingers, ey?


Read what I wrote with a bit more
care this time.

"is(was)" <-- see that '(was)' bit tagged
onto the 'is' then skip forward a few
words where some more words are enclosed
inside brackets ().
"(Hash clash discovered by Chinese
crypto-researcher in 2004)"

*waits a few hours for Dustbin to
let a couple of sentences sink in* Okay
now that you've had chance to re-read
at your normal thinking speed you will
see that I've answered your question
regarding the MD5 being broken
*hint*
by the Chinese crypto-researcher in 2004.




*whoosh* Right over your head. KM kicked
you around Usenet groups for fun! Who
gives a fuck if a couple of ASIC shite
lines didn't compile, the object of the
exercise was to kick you around like a
an old floor cloth. I kept stumm about the
"Assembler" even though every fucking
book on ASM I've got says "Assembler"
(even Borland and Microsoft call it
"Assembler" programming) because it was
funny as fuck when KMan described your
crap as a "polished turd" a lovely
burnished bronze colored polished turd,
but a turd nonetheless! *HAHAHHAHAHA*

That my friend is what will stick in
people's mind, the humor, not the accuracy
of some of 16bit DOS code semantics.

And just so people can have another laugh
I'll re-post the link and throw this
message out to a few of your fav. groups.

http://groups.google.com/group/alt.o...e761e4f305991c


4Q
http://fourq.host.sk


