CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [48]
Donald Dick is a backdoor Trojan for Windows operating systems that allows a hacker full access to a system over the Internet. The hacker can read, write, delete, or run any program on the system. Donald Dick also includes a keylogger and a registry parser and can perform functions such as opening or closing the CD-ROM tray. The attacker uses the client to send commands to the victim's server component, which listens on a predefined port. Donald Dick uses default port 23476 or 23477.
NetBus is a Windows GUI Trojan program and is similar in functionality to Donald Dick. It adds the registry key HKEY_CURRENT_USER\NetBus Server and modifies the HKEY_CURRENT_USER\NetBus Server\General\TCPPort key. If NetBus is configured to start automatically, it adds a registry entry called NetBus Server Pro in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices.
SubSeven is a Trojan that can be configured to notify a hacker when the infected computer connects to the Internet and can tell the hacker information about the system. This notification can be done over an IRC network, by ICQ, or by e-mail. SubSeven can cause a system to slow down, and generates error messages on the infected system.
BackOrifice 2000 is a remote administration tool that an attacker can use to control a system across a TCP/IP connection using a GUI. BackOrifice doesn't appear in the task list or list of processes, and it copies itself into the registry to run every time the computer is started. The filename that it runs is configurable before it's installed. BackOrifice modifies the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices registry key. BackOrifice plug-ins add features to the BackOrifice program. Plug-ins include cryptographically strong Triple DES encryption, a remote desktop with optional mouse and keyboard control, drag-and-drop encrypted file transfers, Explorer-like filesystem browsing, graphical remote registry editing, reliable UDP and ICMP communications protocols, and stealth capabilities that are achieved by using ICMP instead of TCP and UDP.
BoSniffer appears to be a fix for BackOrifice but is actually a BackOrifice server with the SpeakEasy plug-in installed. If BoSniffer.exe, the BoSniffer executable, is run on a target system it attempts to log on to a predetermined IRC server on channel #B0_OWNED with a random username. It then proceeds to announce its IP address and a custom message every few minutes so that the hacker community can use this system as a zombie for future attacks.
ComputerSpy Key Logger is a program that a hacker can use to record computer activities on a computer, such as websites visited; logins and passwords for ICQ, MSN, AOL, AIM, and Yahoo Messenger or webmail; current applications that are running or executed; Internet chats; and e-mail. The program can even take snapshots of the entire Windows desktop at set intervals.
Beast is a Trojan that runs in the memory allocated for the WinLogon.exe service. Once installed, the program inserts itself into Windows Explorer or Internet Explorer. One of Beast's most distinct features is that it's an all-in-one Trojan, meaning the client, the server, and the server editor are stored in the same application.
CyberSpy is a Telnet Trojan that copies itself into the Windows system directory and registers itself in the system registry so that it starts each time an infected system is rebooted. Once this is done, it sends a notice via e-mail or ICQ and then begins to listen to a previously specified TCP/IP port.
SubRoot is a remote administration Trojan that a hacker can use to connect to a victim system on TCP port 1700.
LetMeRule is a remote access Trojan that can be configured to listen on any port on a target system. It includes a command prompt that an attacker uses to control the target system. It can delete all files in a specific directory, execute files at the remote host, or view and modify the registry.
Firekiller 2000 disables antivirus programs and software firewalls.
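The indicators the guide names for these Trojans (default listening ports for Donald Dick and SubRoot, the NetBus registry key, and the RunServices autostart key shared by NetBus and BackOrifice 2000) are the kind of thing a defender sweeps a host for. The following Python script is an added example, not part of the review guide: it parses the text of Windows `netstat -an` output and an exported set of autorun registry values, both constructed here as sample data, and flags anything matching those indicators. The function names, the sample output and the registry values are assumptions made for the example.

```python
import re
from typing import Dict, List

# Indicators quoted from the review-guide text: default listening ports and
# registry locations named for the Trojans above. Everything else in this
# file (sample data, function names) is constructed for the example.
TROJAN_PORTS = {
    23476: "Donald Dick",
    23477: "Donald Dick",
    1700: "SubRoot",
}
NETBUS_KEY = r"hkey_current_user\netbus server"
RUNSERVICES_KEY = (
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
)
NETBUS_AUTOSTART_VALUE = "netbus server pro"

# One line of Windows `netstat -an` output: proto, local addr:port,
# foreign addr, and (TCP only) a trailing state column.
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE
)


def find_listening_trojan_ports(netstat_output: str) -> List[dict]:
    """Flag listening sockets whose local port matches a known Trojan default."""
    hits = []
    for line in netstat_output.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, local, port, _foreign, state = m.groups()
        proto = proto.upper()
        # A TCP socket only matters if it is waiting for the attacker's client;
        # UDP sockets carry no state column, so they are always considered.
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue
        port = int(port)
        if port in TROJAN_PORTS:
            hits.append({"proto": proto, "local": f"{local}:{port}",
                         "port": port, "trojan": TROJAN_PORTS[port]})
    return hits


def find_registry_indicators(autoruns: Dict[str, Dict[str, str]]) -> List[dict]:
    """Check exported registry keys (path -> {value name: data}) against the
    registry indicators named on the page."""
    hits = []
    for key_path, values in autoruns.items():
        key = key_path.lower()
        if key.startswith(NETBUS_KEY):
            # The NetBus Server key has no legitimate reason to exist.
            hits.append({"key": key_path, "value": None, "data": None, "verdict": "NetBus"})
            continue
        if key == RUNSERVICES_KEY:
            for value_name, data in values.items():
                if value_name.lower() == NETBUS_AUTOSTART_VALUE:
                    verdict = "NetBus (autostart)"
                else:
                    # BackOrifice 2000 also persists here, but its filename is
                    # chosen by the attacker, so every other entry must be
                    # compared with a known-good baseline rather than a name.
                    verdict = "review against baseline"
                hits.append({"key": key_path, "value": value_name, "data": data, "verdict": verdict})
    return hits


# Constructed sample data: a netstat dump and an autorun export from one host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23476          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1700      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49700     203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

SAMPLE_AUTORUNS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices": {
        "NetBus Server Pro": r"C:\WINDOWS\patch.exe",   # constructed value
        "SchedulingAgent": "mstask.exe",                  # constructed value
    },
    r"HKEY_CURRENT_USER\NetBus Server\General": {"TCPPort": "12345"},
}

if __name__ == "__main__":
    for hit in find_listening_trojan_ports(SAMPLE_NETSTAT):
        print("port indicator:", hit)
    for hit in find_registry_indicators(SAMPLE_AUTORUNS):
        print("registry indicator:", hit)
```

On a live Windows host the two inputs would come from `netstat -an` and a registry export of the Run/RunServices keys; the port check is only a first pass, since LetMeRule and NetBus let the operator pick any port, which is why the registry and baseline checks matter more than the port table.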