|Bookmark or link to: www.kobayashi.cjb.net. All other URLs could change!|
|News April 2000|
30 april 2000
New by Senna Spy: "One EXE Maker 2000".
More interesting things on his site like: "How to Make a Trojan with Internet Auto-Update Support in Visual Basic ?" and MS-DOS 6.0 FULL SOURCE CODE. Link.
New Trojan: Cafeini 0.8. Submitted by Achates.
Trojans and virii added by A.V.P. List.
Russia has first large-scale hacker criminal case. Story.
Hackers, crackers and Trojan horses. (CNN) Story.
29 april 2000
Psychward. New small server. By evilgoat
TFAK v3.0 is a client for 22 remote access trojans, and removes 257 remote access trojans and 9 file joiners. By SnakeByte.
Sub-Net 2.0 can scan the specified Host\IP for over 150 trojan ports
ZDNet: Beware shopping cart's Full Story.
Qualcomm warns of Eudora security hole. Full Story.
Attackers that halted AboveNet Communications Web traffic are being sought by law enforcement officials (ZD Net News) Story.
Infamous computer hacker Kevin Mitnick ordered off lecture circuit. Full Story.
Bubbleboy variant, 'Unicle' worm wreaks havoc in China. Full Story.
FBI steps up efforts to track down hackers. Full Story.
Hacker demanded $500 for chatroom password. Full Story.
CIH Virus Hits Computers in Bangladesh. Full Story.
Sophos and Wildlist Organization Join Forces To Protect Users Against Rapidly Spreading New Viruses. Full Story.
How Microsoft Ensures Virus-Free Software. Full story.
White House Security Official Calls for More E-vigilance. Full Story.
Go to 'Site Search' for all updates.
28 april 2000
Precursor 1.990a Beta
NMAP -- The Network Mapper.
"If your goal is to understand your network from a
40,000-foot view, then Windows port scanning tools
will suffice. But if you're serious about your security
and looking for the holes that crackers will find, then
take the time to install a Linux box and use nmap." --
InfoWorld.
nmap is a utility for port scanning large networks, although it works fine for single hosts. The guiding philosophy
for the creation of nmap was TMTOWTDI (There's More Than One Way To Do It). This is the Perl slogan,
but it is equally applicable to scanners. Sometimes you need speed, other times you may need stealth. In some
cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different
protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode.
Distributed Denial of Service (DDoS) attacks are still making their way
into the news, although not because someone launched another massive
NetOp is a remote administrator control tool.
The Coders Connection (TCC): this should someday be a place for coders worldwide to write tutorials or text files; it should also be a place where others meet new people and get new ideas or even some tips.
Test your system online for trojans. Online Systemcheck.
27 april 2000
Trinoo Trojan. Only sources.
This is the information.
The RUX Trojan is now also available in an English version. Coded by PhillippP and translated by MaGuS.
The Osiris Scripts compares one catalog of executable files
with another catalog of executable files.
[UNIX] Backdoor Password in Red Hat Linux Virtual Server Package.
Lack of network security found in major backbone providers. Read more.
FBI investigating new Web attack. Story.
Hackers break into Romanian Senate's Web site. Full story.
News in view: Hackers - the IT manager's best friend? Story.
You will find some demo fake trojans in: Related > Tools > Fake Trojans
26 april 2000
New version of SubSeven server is out! server.
The following is an analysis of the "Tribe Flood Network", or "TFN", by
Tribe Flood Network 2000. Using distributed client/server functionality, stealth
and encryption techniques and a variety of functions, TFN can be used to
control any number of remote machines to generate on-demand, anonymous
Denial Of Service attacks and remote shell access.
The following is an analysis of "stacheldraht", a distributed denial of service
attack tool, based on source code from the "Tribe Flood Network" distributed
denial of service attack tool.
Distributed Denial of Service Defense Tactics - This paper details some
practical strategies that can be used by system administrators to help protect
themselves from distributed denial of service attacks as well as protect
themselves from becoming unwitting attack nodes against other companies.
Zombie Zapper was already here. Windows NT Binary - Zombie Zapper [tm] is a free, open
source tool that can tell a zombie system flooding packets to stop flooding.
25 april 2000
SubSeven X is a client for SubSeven 2.1. It connects also to other versions, but then not all functions will work.
If you want to help with this project contact MaGuS.
Reminder: April 26th is here again. CIH virus day.
Yahoo. Technical details of the attack on Yahoo!
Analysis of the Trinoo Trojan. Coming soon!
New version of Subseven server is out! Server.
24 april 2000
New trojan: Remote Explorer 2000.
Hacker, 18, cracks details of Bill Gates's credit card. Read story.
Two teenagers arrested in Wales after an FBI investigation into an alleged $3m internet credit card. Read full story here.
Judge Blocks Hacker's Appearance at Conference. Read full story.
PSINet Hit with DoS Attack. Read more.
23 april 2000
Timbuktu Pro Remote Control and File Transfer software offers users a scalable, multi-platform solution for user support, systems management, telecommuting, and collaboration across a LAN, WAN, the Internet or dial-up connection.
Not a trojan, but still remote control. You can get it here.
ZoneAlarm Firewall can be easily scanned for open ports. Read here.
Aliens? No, a Hacker Shut Down Area 51 Site: APB news.
Hackers, cybercops continue cat-and-mouse game. Read here.
22 april 2000
Trojan: Prosiak 0.65.
Free Linux software blocks hackers. Read more.
Lack of network security found in major backbone providers. Read more.
Zombie attacks can be traced. Read more.
21 april 2000
New basic trojan: Khe Sanh 2.0.
WASHINGTON -- The federal government intends to make finding Trojan horses and trap doors on computer systems a "research priority," as the risk is one that some companies may be facing as a result of hasty Y2K problem repair work.
That was the message delivered by Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism, at a U.S. Commerce Department-sponsored conference on information security Tuesday.
A Trojan horse can be as little as two lines of code maliciously buried in millions of lines of programming, Clarke said. "Even our best people have difficulty finding a Trojan horse or trap door," he said. Trap doors can be used to gain unauthorized access into a system.
Canadian police have charged a suspect in the cyber attacks against CNN, Yahoo!, eBay, Amazon.com, ETrade and other major internet sites.
The suspect is a 15-year-old boy whose identity cannot be disclosed under Canadian law, but who uses the nickname "Mafiaboy" online. Read BBC news.
Anti-virus - It is estimated American businesses alone are losing $550m every year thanks to viral
programmes. Anti-virus software has become a boom industry as a result. Read more.
20 april 2000
New trojan: Error 32.
Recon - created with the power of Delphi3. As client it uses the standard Telnet client, so a computer can be remote-controlled from any OS.
Port Magic is a port monitor that warns on connection attempts and nukes.
Backdoored exploit for the portmap exploit has been found. Read more.
19 april 2000
Stoner and Bogart published their next version of Incommand: InCommand 1.5.
Spider: This tool allows you to see AND remove the hidden stored URLs of IExplorer.
This Is A Very Simple Plug-In For Back Orifice 2000 v1.0 (BO2K by cDc)
Backdoor in Microsoft Frontpage.
Backdoor in "Dansie Shopping Cart" e-commerce script.
Can anyone crawl into your computer while you're connected to the Internet? You may be VERY surprised to find out! Test here with "Shields Up".
18 april 2000
Trojan Hunter Q submitted this unknown Trojan: DP Trojan.
rIP is an mIRC script that when initiated (/rIP) causes a loop, DNSing the specified members of a given channel OR DNSing all non-invisible users of a specified host. Furthermore, the internet protocol addresses are written to the supplied text file in order to be sweeplisted by one of the Back Orifice clients. rIP also has the feature to scan for Netbus servers.
Password e-mailer Naebi 2.18 was missing till now.
Experts: Hackers may be infecting thousands of Windows PCs. Read more.
Hacker Guilty in Federal Web Intrusions. Read more.
17 april 2000
Maverick brings out his latest version. Maverick's Matrix 2.1.
I still miss versions 1.1, 1.8 and 1.9. Does anybody have those?
Scarab 2.1.104 beta by Eggo. Client only.
Tambu UDP Scrambler. This program has two distinct features.
Project X v2.0 is an exact copy of the RM Logon program used on RM Connect networks. It is exact in appearance and the way it behaves responding to user interaction. The app is run from a normal user area (with an N:\MyWork folder), and there is no registry editing or win.ini editing needed, just double click the app and go. If you choose to run the app from a folder other than N:\MyWork, beware that the app makes no allowance for saving files to different folders (at least not this version ;)).
16 april 2000
FC made a new version of Infector! Client is very nice. Upload trojan with icq notify. Infector 1.4 and Infector 1.4.2.
EXESCAN is an executable file analyzer which detects the most famous EXE/COM protectors, packers, converters and compilers.
Hem Scan. Another port scanner. Submitted by Q.
Microsoft Admits to Backdoor in Server.
Backdoor Found in E-Commerce Software.
Keyboard Monitoring Becoming More Popular with Business.
911 NOT A THREAT
IS A FIREWALL SECURE ENOUGH?
KEVIN TO SPEAK
15 april 2000
WinS.A.T.A.N. trojan, information and the binaries.
The Tambu Dummy Server listens to any TCP/UDP port you wish and monitors what is happening.
SSH (Secure Shell) is a program to log into another computer over a network, to execute commands on a remote machine, and to move files from one machine to another, providing strong authentication and secure communications over insecure channels. Homepage here.
Intact v1.0a - Intact is a system integrity checker which will take a snapshot of your system and verify that none of your files, directories, registries, devices, settings, permissions and auditing have changed.
14 april 2000
Pandora's Box. The P-Box is a generation kit for timebombs/trojans. Its output is pure Win32 assembler code.
A new version of the e-mail password sender: EPS 1.51
A new Trojan, called Troj/Narnar, has been reported by Sophos to be active in the wild.
This backdoor Trojan allegedly installs itself in the Windows system folder with the filename tskmngr.exe, and changes the registry in such a way that the Trojan is run every time Windows is restarted.
QueQuero - NetBus Reverse Engineering. I do not know what this one does; please send me information if you know. The same with this one, Subseven Regenerator. It should do the following: "Let's Hide your SubSeven 1.9x/2.0 Server to all kinds of AntiVirus". There was some information about it on TL.
13 april 2000
Mobman released Subseven 2.1 M.U.I.E. The client has skins. They will work on version 2.2 too. Keylogger, IRC bot ident, IP scanner and a couple of others have been fixed. In between, a fixed editserver came out. It is already in the package. The unpacked server can be downloaded separately.
Insane Network 5.0 does not need a client.
It uses telnet.
Timbuktu Pro Remote Control and File Transfer software offers users a scalable, multi-platform solution for user support, systems management, telecommuting, and collaboration across a LAN, WAN, the Internet or dial-up connections. Here is their site.
Record Keystrokes with Tiny Device. Tiny Device records all keystrokes typed. Installs in a few seconds, simply clip on to keyboard cable. Read more.
12 april 2000
New Trojan: Remote Storm 1.2 by Impactus.
Share View allows you to see ALL shares on your system, whether hidden, System-Share or normal. Displays read/write information and plaintext decoded passwords. Allows you to toggle the System-Share bit of any existing share.
IRC worms, theory and code, by SnakeByte.
Startup Monitor keeps you informed about changes in the automatic started programs.
Find out how they break in, how to stop them, and what they can do to try to evade you. CanSecWest Conference: May 10-12; Vancouver, BC, Canada
11 april 2000
Trojan WinControl 1.33. Lot of features.
RCH is a very small and useful trojan for Win32. It can be controlled by a general browser.
Ltelnet is a telnet trojan based on GNU telnet. All operations, including the server name, username, and password, can be logged. This trojan can be installed by a non-root user; if the user account is used by many crackers, you can also learn the cracking process and the location of the rootshell.
NEW KIND OF SECURITY SCANNER, by BHZ, Saturday 8 April 2000, 3:33 AM. ISS is offering an on-line scanner for Web sites which surveys users' hard drives to detect any potentially dangerous programs, such as Trojans and viruses, that may have been placed on the machine without their knowledge. Link: The Register
ex_pms-tr.zip. This is another personal mail server remote exploit. Of course, it can be executed remotely. If the trojan program is sent, the victim machine will be controlled remotely.
Read here about placing Backdoors Through Firewalls. By van Hauser.
10 april 2000
Lot of thanks to Happyhackr, who made the cool graphic on the front page.
Enter this site on http://www.kobayashi.cjb.net. This way you always get on the right url.
NCX. Hacked netcat-based trojan used to exploit the eEye NT4+IIS4 URL remote buffer overflow - gain remote control over NT
servers with this backdoor. By eEye Digital Security Team.
Cassandra is a free Trojan Horse Guard which has the ability to detect and remove 25 different Trojan Horses.
Portmap. Trojan being spread to clueless kiddies, claims to exploit portmap on Redhat boxes, really adds a rootshell to your inetd.conf file and sends other info like your ip address by executing ifconfig, it sends this mail to firstname.lastname@example.org.
Replacement LOGIN.EXE for Novell Netware. Written by Willem, the notorious Netherlands hacker. Usage - Run PROP.EXE from a Supervisor account to create a new property. Replace existing LOGIN.EXE in SYS:LOGIN. Each time a user logs in the text is stored in the new property. Use PROP.EXE to retrieve captured logins. - Simple Nomad.
All-root is a kernel trojan (basic linux kernel module) which gives all users root. By Blasphemy.
Sendmail-5.9.3trojan. Backdoored Sendmail 8.9.3 - Enter a special SMTP command and it opens a root shell. By Axess.
Netmonitor 90 is a small program which monitors TCP/IP connections to your machine. Meant for systems administrators who wish to keep track of access to a machine, it can also be useful in network programming or troubleshooting. Basically a graphical version of 'netstat.exe', which ships with Win95/98/NT, it has the added advantages of constantly refreshing its display as well as logging capabilities.
9 april 2000
Asylum 0.1 is a small open source Remote Administration Tool for Windows 95/98/NT4/2000. It's multithreaded and supports multiple clients. The features are upload file, open file, and reboot. This may not seem like much, but these can prove very useful as the server size is a mere 8 kilobytes (even less if you compress the exe). Server in assembler, client in delphi. Full Asylum RAT Suite v0.1 source code. Made by Slim. Submitted by Nikki.
Win.Trinoo Server Sniper. The DiamondCS Win.Trinoo Server Sniper is the first scanner in the world released
to combat the Windows Trinoo threat. It can both ping (test for existence) and kill
(remove) the Win.Trinoo trojan server remotely. As the Trinoo trojan uses the UDP
transport protocol, the Trinoo Server Sniper is a high-speed scanner, which can scan
entire subnets (254 machines) in around 4 seconds.
Internet Connection Monitor. This freeware utility called ICM was designed for people who want to know when the net is up and when it has been disconnected. By checking a certain registry key at a specified interval, the program will let you know if you're connected or not. (Microsoft's Dialup Connection Monitor clears all its information whenever you are disconnected, preventing you from seeing how long you were connected for). ICM starts minimised in the system tray.
Bypass Virus check using Recycle Bin by Neil Bortnak.
Hackn' for Newbies is an all in one package for someone who has never used trojans, but would like to start. It contains the deepthroat 2.0 and netbus 1.7 trojan interface along with various scanners, an exe patcher, password crackers, user configurable buttons and more. By rastas dabastas. Download here.
8 april 2000
Q-2.0 is a client / server backdoor which features remote shell access with strong encryption for root and normal users, and an encrypted on-demand TCP relay/bouncer that supports encrypted sessions with normal clients using the included tunneling daemon. Also has stealth features like activation via raw packets, syslog spoofing, and single on-demand sessions with variable ports. Changes: Security enhancements, easier usage, and better encryption. By Mixter.
Hook Protect 2.05. Ensure that no invisible programs are running on
your system, such as key loggers and monitoring
applications. Also stops Trojan horses that use "hook" for
message handling. Read more.
SKIN98. Stealth Keyboard Interceptor Auto Sender.
7 april 2000
New Trojan by eXsodus, Project nEXt 0.5.3 beta version.
Recourse Technologies released ManHunt, a security solution designed to
protect corporations from hacker attacks. ManHunt lets businesses track
hackers across Internet boundaries. ManHunt working with ManTrap enables
companies to track and trap hackers. ManHunt detects attacks against
distributed computer networks and responds by tracking the attacker back
across numerous Internet hops. ManHunt determines the precise network entry
point and forwards the information to upstream ISPs.
A Hong Kong teenager has been sentenced to six months in jail for hacking into the Internet in the first case of its kind in the territory, a report said Thursday. Read more
CGI BackDoor by OVERFLOW.
Attacker. A TCP/UDP port listener. You provide a list of ports to listen on and the program will notify you when a connection or data arrives at the port(s). Can minimize to the system tray and play an audible alert. This program is intended to act as a guard dog to notify you of attempted probes to your computer via the Internet. [03/04/2000 v2.1]
6 april 2000
New version of Barok.
Barok v.2.1: E-mail password sender trojan. Sends all saved passwords, includes phone number, ip address, dns address, win address, etc...
There is a new worm executable that spreads under the guise of a screen saver and delivers
a malicious payload that renders the Windows operating system inoperable.
Open Source HP for Remote Administration Tools: Open Source.
TFAK 2.0. Cleans 141 trojans. Client for 19 trojans.
5 april 2000
Solaris Integrated Trojan Facility 0.2
This is a publicly released Solaris Kernel Module backdoor from The Hacker's Choice.
XploiterStatPro 2.5. XploiterStat Lite is a freeware network management tool in a similar vein to the DOS
program 'Netstat.exe' - i.e. it shows all the connections to your machine, listening ports
(identifying trojans) etc., allowing you, the user, to see which TCP/UDP and ICMP connections are
present on your machine. This is the latest release of the program formerly known as
Totostat Enhanced. Www.xploiter.com produced it.
PortBlocker allows you to basically block the Internet port of most servers, making them
unreachable to other computers on the Internet. This program is NOT a Firewall, but it will
allow you to run a server that is only available on the local network, and will log any access
attempts made by other machines that are attempting to use the blocked interface. By
default, PortBlocker is configured to block the most common types of servers that might be
on a system (FTP, HTTP, etc), so will not require any modification for most users. If you
are running a special server of some sort, then you can easily add its ports (either TCP or
UDP) to its list, and have them blocked and/or logged.
Zombie Zapper 1.2 is a free, open source tool that can tell a zombie system flooding packets
to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It does assume various
defaults used by these attack tools are still in place, but allows you to put the zombies to
4 april 2000
A new version is out of the Daratty trojan. Still in beta stage.
DRat 3.0 beta, The World's Ultimate Virtual Spy. Hard to remove, a lot of functions. For feedback or reporting bugs contact DaRaTTy.
The Thinker is still working on Nephron. This is a beta version of the client.
EPS 1.09 sends password by e-mail.
In record mode, Phantom2 records every key pressed on your keyboard, whether you are at the DOS command prompt or running a program. Then, in playback mode, Phantom2 plays back the recorded keystrokes exactly as they were originally recorded, with exactly the same timing as when they were recorded. Submitted by Q.
3 april 2000
Basic trojan written by Merlin II. The Event Horizon.
Buffer overflow in subseven 2.1a. Read here.
Added a linux section.
Alpha 0.31. It hides registry startups and does exe redirect, only NT. Submitted by Q.
2 april 2000
Version 1.6 of GayOL was submitted by MaGuS, who is also main beta tester.
Lead programmer is Officer Dick.
Virus Alert! New virus, called 911, spreads itself across the net by using Windows shares. Read more here.
1 april 2000
There is now a search engine.
RUX, a trojan by PhilippP. Server only 13k.
Dunrape, a dial up raper by Mmojo. Grabs all dial up networking passwords on win9x. Sent by crew member, Senna Spy Programmer.
Packer: Cexe. Only works on NT.
Int_13h made this cracker to turn off all Netbus Pro 2.x logging.
Prikol shows fireworks on the screen and sends information to a specified e-mail address.