Bookmark or link to: www.kobayashi.cjb.net. All other url`s could change!
News Archive    Translate Traducen
News April 2000
30 april 2000

New by Senna Spy: "One EXE Maker 2000".
More interesting things on his site like: "How to Make a Trojan with Internet Auto-Update Support in Visual Basic ?" and MS-DOS 6.0 FULL SOURCE CODE. Link.

New Trojan: Cafeini 0.8. Submitted by Achates.
Platforms: WIN95/98/2000/NT

Trojans and virii added by A.V.P. List.

Russia has first large-scale hacker criminal case. Story.

Hackers, crackers and Trojan horses. (CNN) Story.

29 april 2000

Psychward. New small server. By evilgoat

TFAK v3.0 is a client for 22 remote access trojans, and removes 257 remote access trojans and 9 file joiners. By SnakeByte.

Sub-Net 2.0 can scan the specified Host\IP for over 150 trojan ports

Trojan Information.
Trin00 for Windows
Kill MBR.

ZDNet: Beware shopping cart's Full Story.

Qualcomm warns of Eudora security hole. Full Story.

Attackers that halted AboveNet Communications Web traffic are being sought by law enforement officials (ZD Net News) Story.

Infamous computer hacker Kevin Mitnick ordered off lecture circuit. Full Story.

Bubbleboy variant, 'Unicle' worm wreaks havoc in China. Full Story.

FBI steps up efforts to track down hackers. Full Story.

Hacker demanded $500 for chatroom password. Full Story.

CIH Virus Hits Computers in Bangladesh. Full Story.

Sophos and Wildlist Organization Join Forces To Protect Users Against Rapidly Spreading New Viruses. Full Story.

How Microsoft Ensures Virus-Free Software. Full story.

White House Security Official Calls for More E-vigilanc. Full Story.

Go to 'Site Search" for all updates.

Daily News
28 april 2000

Trojan:
Precursor 1.990a Beta
Precursor 1.0.

NMAP -- The Network Mapper. If your goal is to understand your network from a 40,000-foot view, then Windows port scanning tools will suffice. But if you're serious about your security and looking for the holes that crackers will find, then take the time to install a Linux box and use nmap." -- Info World.nmap is a utility for port scanning large networks, although it works fine for single hosts. The guiding philosophy for the creation of nmap was TMTOWTDI (There's More Than One Way To Do It). This is the Perl slogan, but it is equally applicable to scanners. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode.
Homepage.

Distributed Denial of Service (DDoS) attacks are still making their way into the news, although not because someone launched another massive attack.
The residual DDoS news centers on catching the perpetrators and developing remedies to prevent future attacks.
Organizations will eventually push for new laws to help law enforcement deal with DDoS attacks.
That's exactly what Congress is trying to do with the Internet Security Act of 2000 Read more.

NetOp is a remote administrator control tool.
This program enables unauthenticated attacker to browse and download files from the remote server.
DETAILS:
Vulnerable systems:
NetOp version 6.0
Immune systems:
NetOp version 6.5
By default the NetOp program does not use any authentication algorithm, and this means that anyone that connects to its default listening port (TCP 6502), is allowed to gain access. After a remote user connects to the above port they are able to download any file the service is allowed access to (this depends on the user under which the service is executed under).

The Coders Connection *TCC* this should be someday a place for coders worldwide to wrote tutorials or textfiles ,also it should be a place where others meet new people and get new ideas or even some tips.

Test your system online for trojans. Online Systemcheck.

Show that you like this site by voting. Security Information is almost of some lists!. Click on one of the banners above the news if you are ready here.

Go to 'Site Search" for all updates.

27 april 2000

Trinoo Trojan. Only sources.
This is the information.

The RUX Trojan is now also in an english version. Coded by PhillippP and translated by MaGuS.

The big brother system and network monitor .
Here an NT client for Big Brother Systems and Network Monitor.
Homepage.

The Osiris Scripts compares one catalog of executable files with another catalog of executable files.
The implementation for Windows NT is currently Perl, while the Unix version is written in C.
This keeps an administrator apprised of possible attacks and/or nasty little trojans, and is the main reason for the existence of the Osiris Scripts.

[UNIX] Backdoor Password in Red Hat Linux Virtual Server Package.
Internet Security Systems (ISS) X-Force has identified a backdoor password in the Red Hat Linux Piranha product.
Read more and here.
Fix here.

Lack of network security found in major backbone providers. Read more.

FBI investigating new Web attack. Story.

Hackers break into Romanian Senate's Web site. Full story.

News in view: Hackers - the IT manager`s best friend? Story.

You will find some demo fake trojans in: Related > Tools > Fake Trojans

Go to 'Site Search" for all updates.

26 april 2000

New version of SubSeven server is out! server.

The following is an analysis of the "Tribe Flood Network", or "TFN", by Mixter.
TFN is a powerful distributed attack tool and backdoor currently being developed and tested on a large number of compromised Unix systems on the Internet. By David Dittrich.
TFN analysis.

Tribe Flood Network 2000. Using distributed client/server functionality, stealth and encryption techniques and a variety of functions, TFN can be used to control any number of remote machines to generate on-demand, anonymous Denial Of Service attacks and remote shell access.
The new and improved features in this version include Remote one-way command execution for distributed execution control, Mix attack aimed at weak routers, Targa3 attack aimed at systems with IP stack vulnerabilities, Compatibility to many UNIX systems and Windows NT, spoofed source addresses, strong CAST encryption of all client/server traffic, one-way communication protocol, messaging via random IP protocol, decoy packets, and extensive documentation. Currently no IDS software will recognise tfn2k. By Mixter. TFN2k.

The following is an analysis of "stacheldraht", a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool.
Stacheldraht (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents. By David Dittrich.
Stacheldraht analysis.

Distributed Denial of Service Defense Tactics - This paper details some practical strategies that can be used by system administrators to help protect themselves from distributed denial of service attacks as well as protect themselves from becoming unwitting attack nodes against other companies.
By Simple Nomad.
DDSA Defence.

Zombie Zapper Was already here. Windows NT Binary - Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding.
It works against Trinoo, TFN, and Stacheldraht.
It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.

25 april 2000

SubSeven X is a client for SubSeven 2.1. It connects also to other versions, but then not all functions will work.
If you want to help with this project contact MaGuS.

Backdoor II (source) by CHAMPION. Link.

Reminder: April 26th is here again.CIH virus day.
Last year, April 26 was a sad day for many people when their computer crashed, taking some valuable data with it. The cause for this mayhem was a Virus called CIH, and also known as 'Chernobyl'. This year the virus is expected to strike again, at the same date: April 26th. Read more

Yahoo. Technical details of the attack on Yahoo!

Analysis of the Trinoo Trojan. Coming soon!

The art of backdooring.

New version of Subseven server is out! Server.

24 april 2000

New trojan: Remote Explorer 2000.

Hacker, 18, cracks details of Bill Gates's credit card. Read story.

Two teenagers arrested in Wales after an FBI investigation into an alleged $3m internet credit card. Read full story here.

Judge Blocks Hacker's Appearance at Conference. Read full story.

Web Site Claims It Duped 'Mafiaboy' Finder. Read more.
Is 'Mafiaboy' real or a creation of the media? Read the IRC logs.
So, it is not 'Free Kevin" anymore, but Free Mafiaboy.

PSINet Hit with DoS Attack. Read more.

23 april 2000

Timbuktu Pro Remote Control and File Transfer software offers users a scaleable, multi-platform solution for user support, systems management, telecommuting, and collaboration across a LAN, WAN, the Internet or dial-up connection.
Not a trojan, but still remote control. You can get it here.

ZoneAlarm Firewall can be easily scanned for open ports. Read here.

Aliens? No, a Hacker Shut Down Area 51 Site: APB news.

Hackers, cybercops continue cat-and-mouse game. Read here.

Mafiaboy back at school. Read story here.and about about his friends.
Ok, so Mafiaboy "did it". Well, did he really, and exactly what is "it"? Story.

22 april 2000

Trojan: Prosiak 0.65.

'Mafiaboy' not believed to be the only hacker behind denial of service attacks. Read story.
Dad of Mafiaboy 2nd suspect. Read story.

Free Linux software blocks hackers. Read more.

Lack of network security found in major backbone providers. Read more.

Zombie attacks can be traced. Read more.

21 april 2000

New basic trojan: Khe Sanh 2.0.

WASHINGTON -- The federal government intends to make finding Trojan horses and trap doors on computer systems a "research priority," as the risk is one that some companies may be facing as a result of hasty Y2K problem repair work.

That was the message delivered by Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism, at a U.S. Commerce Department-sponsored conference on information security Tuesday.
Many companies, said Clarke, "woke up too late" to the Y2K problem and, in the process of doing "quick work," may have allowed malicious code to be implanted in their systems.

A Trojan horse can be as little as two lines of code maliciously buried in millions of lines of programming, Clarke said. "Even our best people have difficulty finding a Trojan horse or trap door," he said. Trap doors can be used to gain unauthorized access into a system.
Read: Government to implement anti trojan measure.


Canadian police have charged a suspect in the cyber attacks against CNN, Yahoo!, eBay, Amazon.com, ETrade and other major internet sites.

The suspect is a 15-year-old boy whose identity cannot be disclosed under Canadian law, but who uses the nickname "Mafiaboy" online. Read BBC news.

Anti-virus - It is estimated American businesses alone are losing $550m every year thanks to viral programmes. Anti-virus software has become a boom industry as a result. Read more.
And about Kevin Mitnick - A legend in hacker circles and across the internet community.

20 april 2000

New trojan: Error 32.

Recon - created with the power of Delphi3. As client it uses the standard Telnet client, so a computer can be remote-controlled from any OS.

Microsoft news.
By far, the most interesting aspect of the flawed dynamic link library, or DLL, is that it also contained a phrase deriding Netscape engineers. Specifically, the not-so-hidden phrase said "!seineew era sreenigne epacsteN," or the backward spelling of "Netscape engineers are weenies!" Read this: Microsoft: More security holes.
Script Attempts to Exploit Microsoft Backdoor.

Some cleaners, one to remove W32/ExploreZip.worm and W32/ExploreZip.worm.pak virus, Killezip.
This one to remove IcKiller 0.9: IcKiller 0.9 Fix.
BTRom, a Linux Trojan Eraser.

Port Magic is a port monitor that warns on connection attempts and nukes.

Backdoored exploit for the portmap exploit has been found. Read more.

19 april 2000

Stoner and Bogart publiced their next version of Incommand: InCommand 1.5.

Spider: This tool allows you to see AND remove the hidden stored URL's of IExplorer.
Ward van Wanrooij discovered a privacy 'bug/feature' in Internet Explorer3/4/5: IE stores the visited URLs in some hidden files and whenyou clean your cache and history, this information is notdeleted!
He wrote a software program to scan these hidden filesfor URLs and to put those URLs in a file. So the user's privacy is at stake because anyone with this program, can go to the PC ofsomebody else and see the URLs he has visited!

gIrC. This Is A Very Simple Plug-In For Back Orifice 2000 v1.0 (BO2K by cDc)
It Is An IRC Client That Connects To A Predefinied Server, Is Based On Rattler (Copyright (c) 1999 by AdTropis ). Ident Server Is Not Present, The Bot LogOn In A IrC Server, It Use IRCX.
It May Have Some Bugs, The Plugin is still tested.

Backdoor in Microsoft Frontpage.
How did they detect it? Read the full story here.

Backdoor in "Dansie Shopping Cart" e-commerce script.
The Dansie Shopping Cart CGI-Perl script, currently used by over 200 e-commerce sites for managing online orders and transactions, has been accused of having a deliberate backdoor.
The backdoor was discovered by Joe Harris, a technical support technician at Seattle's Blarg Online Services, who was helping a client to install the Dansie Shopping Cart as part of an online shopfront. Harris' posting on bugtraq alleges that the backdoor sends cloak e-mail messages to the address tech@dansie.net, and, more worryingly, gives access to an intruder to use a nine-digit password to remotely execute commands on the server using the priveleges assigned to CGI scripts. While the bug could be used to control licensing violations, the extent to which the vulnerability could be abused would suggest a more sinister motive for its placement in the program.

Can anyone crawl into your computer while you're connected to the Internet? You may be VERY surprised to find out! Test here with "Shiels Up".

18 april 2000

Trojan Hunter Q submitted this unknown Trojan: DP Trojan.

rIP is an mIRC script that when initiated (/rIP) causes a loop, DNSing the specified members of a given channel OR DNSing all non-invisible users of a specified host. Furthermore, the internet protocol addresses are written to the supplied text file in order to be sweeplisted by one of the Back Orifice clients. rIP also has the feature to scan for Netbus servers.

AOL Kill finds AOL4Free Trojan.

Password e-mailer Naebi 2.18 was missing till now.

Information.
South Park' Trojan storms E-Mail.
Latest variant could clog networks, repeatedly sending itself by Outlook Express.
The Trojan is a variant of the W32/PrettyPark.worm.

Experts: Hackers may be infecting thousands of Windows PCs. Read more.

Fighting the flood.

Hacker Guilty in Federal Web Intrusions. Read more.

17 april 2000

Maverick brings out his latest version. Maverick`s Matrix 2.1.
I still miss versions 1.1, 1.8 and 1.9. Anybody has those?

Scarab 2.1.104 beta by Eggo. Client only.

Tambu UDP Scrambler. This program has two distinct features.
1) is to act as a UDP server that can bind (listen) to any port you choose & inform you of any packets received along with the senders IP Address and the port on their machine that the pacet was sent from.
2) is a UDP flooder that is designed to cripple your attackers machine, maybe even requiring them to disconnect from the net.

Project X v2.0 is an exact copy of the RM Logon program used on RM Connect networks. It is exact in appearance and the way it behaves responding to user interaction. The app is run from a normal user area (with an N:\MyWork folder), and there is no registry editing or win.ini editing needed, just double click the app and go. If you choose to run the app from a folder other than N:\MyWork, beware that the app makes no allowance for saving files to different folders (at least not this version ;)).

16 april 2000

FC made a new version of Infector! Client is very nice. Upload trojan with icq notify. Infector 1.4 and Infector 1.4.2.

EXESCAN is an executable file analyzer which detects the most famous EXE/COM protectors, packers, converters and compilers.

Hem Scan. Another port scanner. Submitted by Q.

Microsoft Admits to Backdoor in Server.
Software Microsoft has admitted that a secret password exists in its Internet Server software.
The backdoor, brought to light by Rain Forest Puppy, could allow an intruder complete remote access to the system.
Microsoft recommends that the file dvwssr.dll be deleted from Internet Server installations with Front Page extensions installed. The password has been present in the code for at least three years and Microsoft has said that it is conducting an internal investigation. Read more and here , and by McAffee and CDNet.

Backdoor Found in E-Commerce Software.
Currently being used at over 200 e-commerce sites, Dansie Shopping Cart, contains code that allows the author to remotely enter the system and run code on the server. The back door was discovered by Blarg Online Services which allows someone to remotely enter the server and issue commands to run CGI scripts. There has been no response from Dansie in regard to the allegations. Read more.

Keyboard Monitoring Becoming More Popular with Business .
While keystroke monitoring software has been around for decades it has recently become extremely popular in the corporate setting. With the courts consistently siding with the employers on electronic monitoringof employees and the low cost and availability of keystroke recording software (This article says $99 but there are a lot of free ones.) businesses are starting to snoop on their employees more and more. Read more.

911 NOT A THREAT
14 April 2000 on 12:52 AM Although the feared 911 virus has caused some localised damage in the US, it represents little real threat to users out of United States, according to security experts. Read more.

IS A FIREWALL SECURE ENOUGH?
With the increase in cyber-terrorism and employee sabotage of company networks and IT systems, the need for tight enterprise-wide network security is crucial for businesses to survive.
Read the article entitled "Is a firewall secure enough?" Link: Design Magazine

KEVIN TO SPEAK
Kevin Mitnick will speak on a convention known as "NetTrends 2000: The Digital Revolution" which aims to cover a variety of IT and security issues. Link: Computer Currents.

15 april 2000

WinS.A.T.A.N. trojan, information and the binaries.

The Tambu Dummy Server listens to any TCP/UDP port you wish and monitors what is happening.
Platforms: Win9x NT4.

SSH (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another, providing strong authentication and a secure communications over insecure channels. Homepage here.

Intact v1.0a - Intact is a system integrity checker which will take a snapshot of your system and verify that none of your files, directories, registries, devices, settings, permissions and auditing have changed.
Intact can be used to detect unauthorized intrustion, damage from viruses, trojan horses, rouge installation programs, security alterations, changes to auditing settings--pretty much any changes, additions or deletions which could compromise your system. By Intact
web site.

14 april 2000

Pandora's Box . The P-Box is a generation kit for timebombs/trojans It's output is pure win32 Assembler code.

A new version of the e-mail password sender: EPS 1.51

A new Trojan, called Troj/Narnar, has been reported by Sophos to be active in the wild. This backdoor Trojan allegedly installs itself in the Windows system folder with the filename tskmngr.exe, and changes the registry in such a way that the Trojan is run every time Windows is restarted.
The Trojan contains a simplified IRC client which, on every subsequent restart of Windows, uses the computer's internet connection to announce itself on a specific IRC channel on irc.dal.net. This allows other people with the client software to access infected users' computers.
More info about APS TRojan and Troj Splitters.

QueQuero - NetBus Reverse Engeneering. I do not know what this one does, please send me information if you know. The same with this one, Subseven Regenerator. It should do following "Let's Hide your SubSeven 1.9x/2.0 Server to all kinds of AntiVirus". On TL was some information about it.

13 april 2000

Mobman released Subseven 2.1 M.U.I.E. The client has skins. They will work to on version 2.2. Keylogger, irc bot ident, ip scanner and a couple of others has been fixed. In between a fixed editserver came out. It is already in the package. Unpacked server can be downloaded seperatly.

BC Firewall 1.0 . This is a firewall with some other interesting tools like a port scanner, an e-mailer and some other interesting things. By Nold.
Platforms: windows 95, 98, and 2000.

Insane Network 5.0 does not need a client. It uses telnet.
Suid Flow made this comment about it: "The major change is that insane network now use a negative port, so most port scanners (and of course the netstat command) won´t detect it. However a high port will be opened instead of the negative one, and that port is an alias of the negative port, so you it can be detected anyway. Suid Flow".
On my computer it did listen to port 63536.

Timbuktu Pro Remote Control and File Transfer software offers users a scaleable, multi-platform solution for user support, systems management, telecommuting, and collaboration across a LAN, WAN, the Internet or dial-up connections. Here their site.

Record Keystrokes with Tiny Device. Tiny Device records all keystrokes typed. Installs in a few seconds, simply clip on to keyboard cable. Read more.

12 april 2000

New Trojan: Remote Storm 1.2 by Impactus.

Share View allows you to see ALL shares on your system, whether hidden, System-Share or normal. Displays read/write information and plaintext decoded passwords. Allows you to toggle the System-Share bit of any existing share.

IRC worms, theorie and code, by SnakeByte

Startup Monitor keeps you informed about changes in the automatic started programs.

Find out how they break in, how to stop them, and what they can do to try to evade you. CanSecWest Conference: May 10-12; Vancouver, BC, Canada

11 april 2000

Trojan WinControl 1.33. Lot of features.

RCH is a very small and useful trojan for Win32. It can be controled by general browser.

Ltelnet is the telnet trojan based on GNU telnet. The all operation which is included the server name, username, and password can be logged. This trojan can be installed with non-root user, if the user account is used by many crackers, you can also know the cracking process and the location of rootshell.

NEW KIND OF SECURITY SCANNER by BHZ Saturday 8 April 2000 on 3:33 AM ISS is offering an on-line scanner for Web sites which surveys users’ hard drives to detect any potentially dangerous programs, such as Trojans and viruses, that may have been placed on the machine without their knowledge. Link: The Register

ex_pms-tr.zip. This is another personal mail server remote exploit. Of course, it can be executed remotely. If the trojan program is sent, the victim machine will be controlled remotely.

Read here about placing Backdoors Through Firewalls. By van Hauser.

10 april 2000

Lot of thanks to Happyhackr, who made the cool graphic on the front page.

Enter this site on http://www.kobayashi.cjb.net. This way you always get on the right url.

NCX. Hacked netcat-based trojan used to exploit the eEye NT4+IIS4 URL remote buffer overflow - gain remote control over NT servers with this backdoor. By eEye Digital Security Team.
NCX99. Hacked netcat-based trojan used to exploit the eEye NT4+IIS4 URL remote buffer overflow (for use on port 99) - gain remote control over NT servers with this backdoor. By eEye Digital Security Team.

Cassandra is a free Trojan Horse Guard which has the ability to detect and remove 25 different Trojan Horses.

Portmap. Trojan being spread to clueless kiddies, claims to exploit portmap on Redhat boxes, really adds a rootshell to your inetd.conf file and sends other info like your ip address by executing ifconfig, it sends this mail to goat187@hotmail.com.

Replacement LOGIN.EXE for Novell Netware. Written by Willem the notorious Netherlands hacker Usage - Run PROP.EXE from a Supervisor account to create a new property. Replace existing LOGIN.EXE in SYS:LOGIN. Each time a user logs in the text is stored in the new property. Use PROP.EXE to retrieve captured logins. - Simple Nomad.

All-root is a kernel trojan (basic linux kernel module) which gives all users root. By Blasphemy.

Sendmail-5.9.3trojan. Backdoored Sendmail 8.9.3 - Enter a special SMTP command and it opens a root shell. By Axess.

Netmonitor 90 is small program which monitors TCP/IP connections to your machine. Meant for systems administrators who wish to keep track of access to a machine, it can also be useful in network programming or troubleshooting. Basically a graphical version of netstat.exe' which ships with win95/98/nt, it has the added advantages of constantly refreshing it's display as well as logging capabilities.

Of the BSDi Trojan i still am looking for the server. Found their homepage, but no server there. Who has it and wants to send it to me?

9 april 2000

Asylum 0.1 is a small open source Remote Administration Tool for Windows 95/98/NT4/2000. It's multithreaded and supports multiple clients. The features are upload file, open file, and reboot. This may not seem like much, but these can prove very useful as the server size is a mere 8 kilobytes (even less if you compress the exe). Server in assembler, client in delphi. Full Asylum RAT Suite v0.1 source code. Made by Slim. Submitted by Nikki.

Trojan source to make your own trojan. I hope you send me the result if you used it. Read more.

Win.Trinoo Server Sniper. The DiamondCS Win.Trinoo Server Sniper is the first scanner in the world released to combat the Windows Trinoo threat. It can both ping (test for existance) and kill (remove) the Win.Trinoo trojan server remotely. As the Trinoo trojan uses the UDP transport protocol, the Trinoo Server Sniper is a high-speed scanner, which can scan entire subnets (254 machines) in around 4 seconds.
Anybody has a copy of Win.Trinoo? Please send me.

Internet Connection Monitor. This freeware utility called ICM was designed for people who want to know when the net is up and when it has been disconnected. By checking a certain registry key at a specified interval, the program will let you know if youre connect or not. (Microsoft's Dialup Connection Monitor clears all it's information whenever you are disconnected, preventing you from seeing how long you were connected for). ICM starts minimised in the system tray.

Bypass Virus check using Recycle Bin by Neil Bortnak.

Hackn' for Newbies is an all in one package for someone who has never used trojans, but would like to start. It contains the deepthroat 2.0 and netbus 1.7 trojan interface along with various scanners, an exe patcher, pasword crackers, user configurable buttons and more. By rastas dabastas. Download here.

8 april 2000

Q-2.0 is a client / server backdoor which features remote shell access with strong encryption for root and normal users, and a encrypted on-demand tcp relay/bouncer that supports encrypted sessions with normal clients using the included tunneling daemon. Also has stealth features like activation via raw packets, syslog spoofing, and single on-demand sessions with variable ports. Changes: Security enhancments, easier usage, and better encryption. By Mixter
Platform: Linux.

Hook Protect 2.05. Ensure that no invisible programs are running on your system, such as key loggers and monitoring applications. Also stops Trojan horses that use "hook" for message handling. Read more.
Platforms: Windows 95/98, NT

SKIN98. Stealth Keyboard Interceptor Auto Sender.
Stealth Keyboard Interceptor Auto Sender (SKIn98AS) is a program, which allows to intercept keystrokes and saves them in the LOG file. Besides, SKIn98AS has a lot of useful features, for example: - Invisible in Task List, Task Bar and Sys Tray area, - Runs silently, without any messages, - Keeps all names of running tasks, - Keeps all names of opened windows, - Keeps time and date of turning on and shutting off the computer, - Saves pastes from clipboard, - Has a filters, - Keeps text chages, - Crypts output LOG file, - Has the feature of scheduling, - Easy-to-Install, - Supports many keyboard layouts, - Tuning up with ease, - Intercepts clipboard and text changes, - Has a Auto Sender feature.
Read me

7 april 2000

New Trojan by eXsodus, Project nEXt 0.5.3 beta version.

Recourse Technologies released ManHunt, a security solution designed to protect corporations from hacker attacks. ManHunt lets businesses track hackers across Internet boundaries. ManHunt working with ManTrap enables companies to track and trap hackers. ManHunt detects attacks against distributed computer networks and responds by tracking the attacker back across numerous Internet hops. ManHunt determines the precise network entry point and forwards the information to upstream ISPs.

A Hong Kong teenager has been sentenced to six months in jail for hacking into the Internet in the first case of its kind in the territory, a report said Thursday. Read more

Antigen2k This program will clean your computer from Back Orifice 2000.
BackWork 2.12. A new version of this free anti-trojan program.

CGI BackDoor by OVERFLOW.
Platform: RedHat 6.1

Tools
Puzzle. Makes puzzle of your screen. Read more
Cokegift . Read the report of McAfee, that recognized it for some time as a trojan.
This tool flips the screen: Gravedad
In my tests nothing was altered in the system by these programs. Changes were easy reversible.

Attacker. A TCP/UDP port listener. You provide a list of ports to listen on and the program will notify you when a connection or data arrives at the port(s). Can minimize to the system tray and play an audible alert. This program is intended to act as a guard dog to notify you of attempted probes to your computer via the Internet. [03/04/2000 v2.1]

6 april 2000

New version of Barok.
Barok v.2.1 : E-mail password sender trojan. Sends all save passwords, includes phone number, ip address, dns address, win address, etc...

For win, but can be compiled for linux, wCRAT 1.2b, coded by wildCoyote. Read more here.

There is a new worm executable that spreads under the guise of a screen saver and delivers a malicious payload that renders the Windows operating system inoperable.
Melting worm is a small screen saver that sends itself via e-mail to the entire Outlook address book.

UDP backdoor for linux

Open Source HP for Remote Administration Tools: Open Source.

TFAK 2.0. Cleans 141 trojans. Client for 19 trojans..

5 april 2000

Solaris Integrated Trojan Facility 0.2
This is a publicly released Solaris Kernel Module backdoor from The Hacker`s Choice.
Platform: solaris.

XploiterStatPro 2.5 XploiterStat Lite is a freeware network management tool in a similar vein to the dos program 'Netstat.exe' - i.e. shows all the connections to your machine, listening ports (identifying trojans) etc. allowing you the user to see TCP/UDP and ICMP connections are present on your machine. This is the latest release of the program formerly known as Totostat Enhanced. Www.xploiter.com produced it.
Platforms: Windows 2000, Windows 95/98 and Windows NT.

PortBlocker allows you to basically block the Internet port of most servers, making them unreachable to other computers on the Internet. This program is NOT a Firewall, but it will allow you to run a server that is only available on the local network, and will log any access attempts made by other machines that are attempting to use the blocked interface. By default, PortBlocker is configured to block the most common types of servers that might be on a system (FTP, HTTP, etc), so will not require any modification for most users. If you are running a special server of some sort, then you can easily add it's ports (either TCP or UDP) to it's list, and have them blocked and/or logged.
Platforms: Windows 95/98 and Windows NT.

Zombie Zapper 1.2 is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.
Platforms: Windows NT


4 april 2000

A new version is out of the Daratty trojan. Still in beta stage.
DRat 3.0 beta, The Worlds Ultimate Virtual Spy . Hard to remove, a lot of functions. For feedback or reporting bugs contact DaRaTTy.

The Thinker is still working on Nephron . This is a beta version of the client.
Invisible Netbus 2.0 server: Retail 11a
Computer hacker,19, held on charges with breaking into The White House. Read here.

EPS 1.09 sends password by e-mail.

Some interesting links about tunneling: HTTP, ICMP, Rel and e-mail tunneling.

In record mode, Phantom2 records every key pressed on your keyboard, whether you are at the DOS command prompt or running a program. Then, in playback mode, Phantom2 plays back the recorded keystrokes exactly as they were originally recorded, with exactly the same timing as when they were recorded. Submitted by Q.

3 april 2000

Basic trojan written by Merlin II. The Event Horizon.

Buffer overflow in subseven 2.1a. Read here.

Added a linux section.

Two new clients for Back Orifice by Bee One. Version 1.3b3 and Version 1.41.
Here is the helpfile.
By BeeOne:XMelt 0.1: GUI Frontend for Melt.exe made by CDC.
XMelt 0.2: GUI Frontend, bugs fixed.

Alpha 0.31. It hides registy startups and does exe redirect, only NT. Submitted by Q.


2 april 2000

Version 1.6 of GayOL was submitted by MaGuS, who is also main beta tester.
Lead programmer is Officer Dick.

Virus Alert! New virus, called 911, spreads itself across the net by using windows shares . Read here more.
New trojan cleaner, tauscan, claims to detect and clean more than 1000 trojans. Here is the tutorial.
Keylogger: WinPass.
Packers: Winlite and WWpack 3.05b3.
AppSpy 2.0 lets you see all the running programs, also invisible in tasklist. Submitted by Q.
D.I.R.T The trojan for the government. Who can get it here?


1 april 2000

There is now a search engine.

RUX, a trojan by PhilippP. Server only 13k.

Dunrape, a dial up raper by Mmojo. Grabs all dial up networking passwords on win9x. Send by crew member, Senna Spy Programmer

Keylogger: Keylog95.

Packer: Cexe. Only works on NT.

Int_13h made this cracker to turn off all Netbus Pro 2.x logging.

Prikol shows a fireworks on the screen and sends information to a specified e-mail address.


Copyright© MegaSecurity.org