_________ SWAT MAGAZINE ISSUE EIGHTEEN: JUNE 1999 __________ / \___________________________________________/ \ / Almost Full (well, the good ones) Trojan Listing \ / By mist350 \ ----------------------------------------------------------------------- Here follows a listing of all the best trojans I have come across. Yeah, they are lame, but can be quite usefull if you need to get some info. or other important stuff from someones computer, and they dont agree. Well, here's the trojans. It might look a large file, but there's 5 versions of netbus in there. ---------------- --Back Orifice-- ---------------- The most well known trojan. Included files - Bo.txt BoClient.exe <--- DOS based client BoConfig.exe BoGui.exe <--- client program BoServe.exe <--- server file Freeze.exe Melt.exe Plugin.txt Installs on port 31337 Full features - App Add App Del Apps List Directory Create Directory list Directory remove Export add Export delete File find File freeze File melt File view HTTP Disable HTTP Enable Keylog begin Keylog end MM Capture avi MM Capture frame MM Capture screen MM List capture devices MM Play sound Net Connections Net Delete Net Use Net View Ping Host Plugin Execute Plugin Kill Plugins list Process Kill Process list Process spawn Redir add Redir del Redirs list Reg create key Reg delete key Reg list keys Reg list values Reg set value Resolve host System dialogue box System info System lockup System passwords System reboot TCP file receive TCP file send Because this is very well known, there's loads of patches out to delete the server file, so be carefull when (if) you send it. ------------ --Blazer 5-- ------------ Remote hard disk access only, and my client file is password protected (why?) Password is ClaudioClaudioCC (case sensitive) Oh yeah, and mine is all in french. Included files - Blazer5.exe <---client file port5000.exe <---server file readme.txt TL.txt Installs on port 5000 Full features - Erm, its all in french, and I dont really want to click on something dodgy while I'm tesing it on local host. so, here's what I gather. List of ports Make beep sound Reboot Execute Print B.D (registry) something to do with mIRC DNS lookup And a big button that says hard drive. If you can speak french, this is the one for you. (someone send me an english copy - please?) -------- --Cain-- -------- Yeah, cain isn't actually a trojan, but its in my trojan directory (over 65meg) so its gonna be included. It gets local passwords. Locally. Included files - Cain.exe <--Cain client Passwords.txt puffs.dic <--Dictionary list Readme.txt Users.txt Doesn't install on any port Full features - Attack local : Shares PWL files Screen Saver Cached Passwords Attack remote : Shares It can do basic windoze stuff And it can be configured for different types of attack Good to use if you're ever alone on a friends computer. (see 'anarchists cookbook' for better ideas) -------- --Exec-- -------- Now this is one evil mutha. It's a trojan that only contains destructive features. And fucking loads of them. Included files - Commands.txt Controller.exe <--Client file Decryptor.exe Exec.exe <-- Server file Executer.zip <--server in a zip Readme.txt Testing mia.se <--if you find this, then you are infected (ha!) It says it installs on port 80, but it was port 1024 on my local host. Full features - (ripped from the text file 'Commands.txt') DestroyDblClick -Destroy Mouse Double Click DestroyDesktopColors -Change All System Colors To Yellow Disconnect -Hang Up All Connections DestroyCtrlAltDel -Disable CTRL+ALT+DEL Keys DestroyCursorPos -Set Cursor Position To 0,0 DestroyTrayWnd -Hide Windows TaskBar DestroyWindows -Reboot Computer EnableMadMouse -Enable Jumping Mouse RestoreDblClick -Enable Mouse Double Click RestoreCtrlAltDel -Enable CTRL+ALT+DEL Keys RestoreTrayWnd -Show Windows TaskBar DisableMadMouse -Disable Jumping Mouse CopyProgramToWindowsDir -Copy EXECUTER To C:\Windows\ Directory AddProgramToStartup -Add EXECUTER To Windows StartUp Message1 -Show Message-'Hello' Message2 -Show Message-'Hello bitch!!!!!!!!!!!!!!' Message3 -Show Message-'Do u ready to fuck your system?!!!' Message4 -Show Message-'ShutUp bitch!!!!!!!!!!' Message5 -Show Message-'Get ready to start!!!!!!' Message6 -Show Message-'Thats All bitch!!!!!!!!!' DeleteLogo.Sys -Delete C:\Logo.sys DeleteWin.Com -Delete C:\Windows\Win.com DeleteIo.Sys -Delete C:\IO.sys DeleteSystem.Ini -Delete C:\Windows\System.ini DeleteWin.Ini -Delete C:\Windows\Win.ini DeleteConfig.Sys -Delete C:\Config.sys DeleteAutoexec.Bat -Delete C:\Autoexec.bat EnableScreenPaint -Enable Paiting On The Screen('DIE!!! DIE!!! DIE!!!') DisableScreenPaint -Disable Paiting On The Screen('DIE!!! DIE!!! DIE!!!') EnableManyForms -Enable Creating Of Many Forms With Caption ('DIE!!! DIE!!! DIE!!!') DisableManyForm -Disable Creating Of Many Forms With Caption ('DIE!!! DIE!!! DIE!!!') This is the one to use if someone has *really* pissed you off -------------- --Girlfriend-- -------------- This remote password stealer is good, in that you dont have to use the client file to steal the passwords. I'm pretty sure you can connect to a host computer using telnet, but I might be wrong. GirFiend Server sits on infected computer and looks for windows in which user enters passwords. The server writes these passwords with other text fields in that window to a registry key and will send this list on your demand. Included files - gf.exe <--client file windll.exe <--server file (mine 'mysteriously' dissapeared. Better watch out for that!) gf.txt vc's passwords.txt <--this is the password file I ripped from someone. (read on) The server installs on port 21554 Full features - Show passes Send message Reset password list Custom It dosent look much, but have a peek at this...... -------------------------------------------------- Actual password file sent from this guys computer. -------------------------------------------------- [1]cDc Back Orifice Win32 GUI Client [2] [3] 31337 <--if his BO server file was passworded, it would appear here [4] log [5] 127.0.0.1 [6] [7] [8]Welcome to Windows [9] Pauline Wilson <-- The name he logged in to windows under [10] [11] d [12] e [13] eli [14] elizab [15] elizabe <--could be windows login password [16]Dial-up Connection [17] wil1804.freeserve.co.uk <-- his e-mail address (chris@wil1804.freeserve.co.uk) [18] [19] el [20] elizabeth [21] eliz [22] e [23] elizab [24] Freeserve [25] 0845 [26] 0796699 <-- Freeserve DUN number [27] eli [28] elizabe [29]32972008 <--ICQ number [30] Enter Search Keyword [31] [32] g [33] genie8 [34] genie850 <-- hmm, can this be his ICQ password? (still is) [35] gen [36] genie85 [37] geni [38] genie [39] ge [40]Yahoo! Pager <--now for yahoo passwords [41] [42] c [43] coolvc [44] coolvcman <--ooops, there's his ID [45] a [46] co [47] coolvcm [48] ab [49] coo [50] abc <-- and there's the password to match. (crap password) [51]Connect To [52] Freeserve [53] wil1804.freeserve.co.uk [54] [55] 0 845 0796699 [56] eliza [57] elizabeth <-- elizabeth could be the login password for wil1804.freeserve.co.uk ?? [58] e ---------------------------------------------------------------------- Well, it might come in handy. (one of these passwords still works!!!!) ---------------------------------------------------------------------- I think you get the idea. I'd advise this one because its nice and discreet, and gets most passwords. You just have to search through all the junk. -------------------- --Masters Paradise-- -------------------- This one looks like its got potential, but I didn't have the time to have a good look at it. Included files - Autopoll.ini Deutsch.ini English.ini Paradise.ini Paradise.exe <-- This is the client file This one dosent actually have a server file, so it might not be a trojan as such, but I think it has remote disk access. Oh, and theres spaces for IP addresses. Any info on this would be appreciated. ------------- --Millenium-- ------------- This is a remote access program thats not unlike back oriface, and netbus. When I was writing this t-file, Millenuim just refused to connect, and wouldn't give me access to its features, so I'll just have to quote from the text file. Included files - Blonde.exe <--Server. (mine is called spy.exe)(?) Client.exe <--client readme.txt This program dosent specify a port. Full features - Shutdown Remote Computer Restart Remote Computer Log-Off Remote Computer Restart Remote Computer in MS-DOS Close Remote Computer Spy Remove Remote Computer Spy Open Remote Computer CD-ROM Close Remote Computer CD-ROM Disconnect Remote Computer Disable Ctrl+Alt+Del On Remote Computer Enable Ctrl+Alt+Del On Remote Computer Hide Remote Computer Taskbar Show Remote Computer Taskbar Turn Caps Lock On On Remote Computer Turn Caps Lock Off On Remote Computer Turn Num Lock On On Remote Computer Turn Num Lock Off On Remote Computer Change Remote Computer Computer Name Change Remote Computer Recycling Bin Name Swap Remote Computer Mouse Buttons Unswap Remote Computer Mouse Buttons Set Remote Computer Cursor Position Show Remote Computer Cursor Hide Remote Computer Cursor Get Mouse Double Click Speed Of Remote Computer Set Mouse Double Click Speed Of Remote Computer Get Remote Computer Windows Mode Get Remote Computer Amount Of Mouse Buttons Get Remote Computer Windows Run Time Get Remote Computer Free Space On C:\ Get Current User Logged In On Remote Computer Get Serial Number Of Drive C:\ On Remote Computer Get Remote Computer Temp Directory Get Remote Computer Windows Directory Get Remote Computer Windows System Directory Get Resolution Of Remote Computer Set Resolution Of Remote Computer Start Remote Computer Default Screen Saver Set Remote Computer Start Menu Pop-up Speed Add A Line To Remote Computer Autoexec.bat File Get Percent Of Memory Used On Remote Computer Get Number Of Bytes In Physical Memory Of Remote Computer Get Available Bytes Of Physical Memory On Remote Computer Get Total Memory Amount In Page File On Remote Computer Get Available Memory Amount In Page File On Remote Computer Get Total Amount Of Virtual Memory On Remote Computer Get Available Amount Of Virtual Memory On Remote Computer Pop-up Remote Computer Message Delete Files Copy Remote Computer Files Rename Remote Computer Files Create Remote Computer Files Close Remote Computers Programs Get List Of Running Remote Computer Programs Set Spy Password On Remote Computer It looks interesting, and upgrades are promised. Hopefully I'll get the client working, and find out what it can really do. -------------- --Netbus 1.2-- -------------- Familiar territory now. Simple to use trojan, and it can be found absolutely anywhere. Included files - Keyhook.dll <--gotta be present when the server is run Netbus.exe <--client file Netbus.rtf Sysedit.exe <--server (use with keyhook.dll) This version (1.2) dosent specify any port settings. Full Features - open cd-rom start cd timer show image swap mouse start program message screendump get user play sound exit windows send text mouse position listen steer mouse got URL Close me Sound volume open program/URL set timer interval and delay Usefull for begginers, but get a later version. --------------- --Netbus 1.53-- --------------- Its just netbus 1.2 with a few features bolted on. Included files - hosts.txt keyhook.dll <-- the ever present (and manditory) .dll memo.txt netbus.exe <-- the client file netbus.rtf sysedit.exe <-- and the server. (remember that .dll) This version still dosent specify port settings Full Features - open cd-rom start cd timer show image swap mouse start program message screendump get info play sound exit windows send text upload file mouse position listen sound system control mouse got URL download file open program/URL set timer interval and delay Once again, good for beginners, but get at least version 1.6 -------------- --Netbus 1.6-- -------------- Now the dodgy .dll has dissapeared, thing start to get less suspect. Included files - hosts.txt Netbus.exe <-- the client file Netbus.rtf Patch.exe <-- at last, and all in 1 server for netbus No port settings yet. Fingers crossed for 1.7 :-) Full Features - server admin!!! : Change password Close server Remove server open cd-rom show image swap mouse start program msg manager screendump get info play sound exit windows send text active windows mouse position listen sound system control mouse got URL download file open program/URL key manager file manager At last, a file manager on netbus. And a password function. This is a manditory download, just cos its a piece of history. (it will be once the last trojan in the file becomes known! 3:-) ) -------------- --Netbus 1.7-- -------------- At last, the best version in the series. Nice compliment of functions, and loads of cool stuff. And a port manager. Included files - This program has been well used, so its got a few extra stuff, like screen grab files and stuff. I'll list them all anyway. hosts.txt memo.txt netbus.exe <-- the client file netbus.rtf netbus170.exe (?) nethacker.exe (?) patch.exe <-- the server file temp1.dsk temp1.jpg temp1.wav I think the other 2 .exe files are my own variations on the standard server. probably. The port manager says.....port 12345. and it works Full Features - server admin!!! : add IP remove IP close server remove server open cd-rom show image swap mouse start program msg manager screendump get info port redirect play sound exit windows send text active windows app redirect mouse position listen sound system server setup This allows ICQ and e-mail notify, and you can set the password, and port and stuff. control mouse goto URL key manager file manager add IP del IP and the *scanner!!!!* This is the best version of netbus by far. ------------------ --Netbus 2.0 pro-- ------------------ I'd just give this one a big miss. There are reasons why (its a setup file to install, and it leaves reg keys - amongst other reasons) but I wont go into them. Just dont use it unless you have to. -------------- --phAse zero-- -------------- It just looks like your average netbus/BO clone, but it can trash the server. I'm getting pissed off with all this typing, so i'll paste the attached .txt file...... phAse zero is remote administration tool composed of a server running on all current win32 platforms (windows NT / windows 95 / windows 98), a graphical user interface (GUI) and an installer. some of the features of this first release (1.0 beta): o integrated remote ftp client o remote file system control o spawning of processes o functions to manipulate the windows registries o restricting access to the phAse server via ip masks o configurable registry/executable name and server port and much more (see the list below for a complete listing). in order to install phAse zero on a server, copy the three exe files (setup.exe client.exe phase.exe) to a directory and run setup. a dialog box will appear; if you don't want to change the default settings for the registry, click on 'yes' to proceed. next, you will be prompted for the port to use (default is 555) and an optional ip mask. if you specify the ip mask, only users from a certain host will be allowed to access the phAse zero server. you can leave this field blank if you don't need access restrictions. these are all valid ip mask formats: 123.45.67.8 123.45.67 123.45.6 123.45. 123.45 etc. the installer will write to the windows registry and install the server's executable (one file). then control is returned to the user. please note that the executable file size is random. if you need further "security" you may change the default registry keys (key name and file name) using setup.exe. once the server is installed, it runs hidden from the tasklist and the taskbar and uses CPU time only when needed. to activate phAse from remote, use the GUI interface (client.exe). you just need to enter the server's host name or ip address and the port that you have chosen during the installation (the default is 555). now, click on OK. the server will respond with its version name and number. select the command you want to use and click on it: one or more parameters (edit boxes) will be activated if necessary. fill in all the required parameters and press the SEND button. to terminate the current session, you can either click on OFF or enter the "terminate session" command (followed by the SEND button). these are all the commands currently implemented in this version of phAse zero, along with their parameters: FTP UPLOAD tell the server to upload the specified local file via ftp to remote path FTP DOWNLOAD tell the server to download the specified remote file via ftp to local path EXECUTE [s|h] execute a file (S=show window, H=hide window) CHANGE DIRECTORY LIST DIRECTORY a file mask is required, path is optional (example: D:\WINNT\*.*) CREATE DIRECTORY REMOVE DIRECTORY SHOW CURRENT DIR COPY FILE MOVE FILE RENAME FILE DELETE FILE TYPE FILE type the specified text file HEX TYPE FILE shows an hexadecimal dump of the specified binary or text file SHOW DIALOG BOX shows the specified message into a dialog box on the server LOCKUP SERVER locks up the server TRASH SERVER trashes the server and locks it up REG CREATE KEY create the specified registry key REG DELETE KEY deletes the specified registry key REG DELETE VALUE deletes the specified registry value REG CHECK KEY determines if a key or a name exists REG SET CURRENT KEY sets the currently open registry key REG READ KEY VALUE read the specified key's value REG WRITE KEY VALUE creates or updates the specified key and associated value REG LIST KEYS lists available keys in the currently open key REG LIST VALUES lists available values in the currently open key TERMINATE SESSION terminates the current session only UNLOAD SERVER terminates all connections and unloads the server please note that this is the first public beta of phAse zero, and it is by no means complete. possible future additions: file sharing support, stealth key logging, media player, integrated port and host scanner, plugins, etc. -------------- --Protogenic-- -------------- (oh yeah, get a hold of their mail trojan) The functions on this captured my imagination. Here's the .txt file...... he server will pop-up a message "Runtime error 403 wrong statement" so the user thinks aha! this program have an error and thinks its not started .... pretty g00d to fool people, but when the server is installed in autostart no message will pop-up. -------------------------------------------------------- Stuff to Get Or Change(MAIN Funktions) COMMAND FUNKTION get passwords = get all the Cached passwords the current user have. get drives = get all drives... get ie-security = get information about IE and security... get isp = get the name of ISP get isp-user = get isp-username get win.ini = get remote win.ini Displayed in a text-box get msdos.sys = get remote Msdos.sys same as above get email = get e-mail stuff (user) (pass) (servers) get user = get windows username get urls = get latest visited URLS get backup = get where the windows backup files is located get startpage = get the startpage for IE4.x only get printer = get the printer Default used by windows get resolution = get the resolution get icq = get icq path and uin get areacode = get the AreaCode for DialUp get background = get the background file (path) get shell-folders = get the 'important folders' (Shell) get screensaver = get if screensaver is 'Activated' on restart get outlook = get outlook express path (if installed) get info = get all info (Windows version) (owner) more... get winzip = get WinZip version (serial) (name) get time = get RemoteHost time.... get proxy = get the proxy`s if used... get wordpad = get info about latest readed files g00d if you wanna check files sound system = this will start to beep like crazy...Beep!Beep! stop sound = this will stop sounding the system flopp mouse = this will start moving the mouse like crazy aroun the sceen stop mouse = makes the mouse back to normal set screen-black = makes the hole screen black normal screen = makes the screen back to normal close icq = shutdown RemoteHost icq if running..... capslock on = set capslock on capslock off = set capslock off hide mouse = Hide RemoteHost mouse show mouse = Show RemoteHost mouse swap mouse = Swap RemoteHost mouse buttons restore mouse = Restore the buttons again hang up = Start about 90000000 notepad windows and Freeze`s WIN computer-name = Get the name of the computer listen = Listen all keystrokes stop listen = Stop listen the Keys active-screen = activate the screensaver on restart screeno = inactivate the screensaver on restart opencd = open RemoteHost cd-rom closecd = close RemoteHost cd-rom shutdown = shutdown RemoteHost computer reboot = restart RemoteHost computer kill-icq = delete the icq from RemoteHost close server = shutdown remote server (still autostart) remove server = shutdown the server and remove it from autostart -------------------------------------------------------- Deleting Stuff Command del:pathname Funktion Example del:c:\windows\win.ini this example will delete RemoteHost win.ini file -------------------------------------------------------- Running Programs Command run:pathname Funktion Example run:c:\windows\explorer.exe this example will run RemoteHost explorer.exe -------------------------------------------------------- SendMessage Command msg:Hey im your enemy Funktion This example will send a popup message with the text "hey im your enemy" -------------------------------------------------------- SendText Command text:Hey im your enemy Funktion this example will send the text "hey im your enemy" if the person is running notepad the text will just appear in the document where the TextTool is.Otherwise in all writeable Text-Areas -------------------------------------------------------- GoTo Web page Command web:www.adress.com Funktion This example will make RemoteHost goto page www.adress.com -------------------------------------------------------- Port Redirection (Open Port) Command port:33333 Funktion This example will make the server connectable on port 33333 you can choose what number you want max 5 chars. Only numbers -------------------------------------------------------- StartPage Command page:www.adress.com Funktion This example will make the RemoteHost goto www.adress.com when starting Ie4.x-5.x -------------------------------------------------------- Owner Of Computer Commands name:HackedBYus This example will change the RegisteredOwner of the RemoteHost computer to 'HackedBYus' You can change it to whatever you like -------------------------------------------------------- DIR FUNKTION Command dir:c:\ This example will list all (files/dirs) in c:\ Note: If you wanna list for example c:\windows\ DONT forget to type 'c:\windows\' and not c:\windows You have to have Backslash the last letter.Dont forget to end with "\" otherwise it wont work. Note: dirs will be listed with (*)Name like C:\ (*)Windows ->Direcotory (*)Program Files ->Directory Autoexec.bat ->File Msdos.sys ->File -------------------------------------------------------- OPEN FILES Command open:c:\autoexec.bat This example will open RemoteHost autoexec.bat for you. it supports only a few file exstensions like below *.log *.ini *.txt *.bat *.frm *.doc *.htm *.html *.pwl -------------------------------------------------------- Close A PRogram Command close:explorer This commands will close the RemoteHost explorer. Note: you must now the name of the window. Ex if you wamma close RemoteHost icq you gotta now his / her number coz thats the Window name. -------------------------------------------------------- Change ISP Name Command isp:hello This example will change the name of the ISP. Your connection name to 'hello'. -------------------------------------------------------- Change UserName Command user:NewUser! This example will change the windows username to NewUser! and when the RemoteHost restarts try to type thier password in it wont work coz of a new User! -------------------------------------------------------- Command printer:CaNNON Me! This example will change the name of the printer to 'CaNNoN Me!' Pretty cool -------------------------------------------------------- ChangeCompName Command computer:MYUglyComp This example will change the Computer name to MYUglyComp nothing special about it. -------------------------------------------------------- MakeDirectory`s Command md:c:\me This example will make the dir "c:\me" you make whatever you like -------------------------------------------------------- ChangeMouseSpeed Command speed: 80 This example will change the mouse speed to pretty normal (80) try to change it like 100... -------------------------------------------------------- Cool Thing! Command note: Hey man! This example will first pop up and button where it says press here then it wil start notepad and write 'Hey man!' its pretty cool funktion! -------------------------------------------------------- Cool Thing! Number 2 Command ugly:Hey fuckhead! This example will popupp a black window on the screen that says 'Hey Fuckhead' another cool funktion! --------------------- --Subseven *series*-- --------------------- Its a pitty I'm tired, cos I gotta run together the whole of the subseven series. In my opinion, these are the best trojans in the world EVER!! (apart from one....). Find a copy of 1.8, and have fun. Oh well, here ya go. The SubSeven 1.8 text file. And it really is good..... [ d e s c r i p t i o n ] SubSeven can be used as a remote administrating tool or as a hacking tool. it consists of three files: server.exe, Sub7.exe and EditServer.exe. to use it, run server.exe on the victim's computer [don't ask me how! figure that out by yourself], find his/her ip number then run Sub7.exe from your computer. that's about it, after that you can _really_ have some fun with the victim. you can configure the server before sending it using EditServer.exe [ h o w i t w o r k s ] well, it's pretty easy. the first time you run server.exe on a computer, the program installs itself into the memory, and starts every time windows is restarted. Sub7.exe is the main program you use to connect to the server. [ c o m m a n d l i n e p a r a m e t e r s ] + you can run the server with the following command line parameters: /PASS:password where password is the password required to connect /PORT:xxxx where xxxx is the port number + example "server.exe /pass:fuckoff /port:1777" will install the server on port 1777 using the password "fuckoff" [ f e a t u r e s ] [grab a coffee, light a cigarette and read on] + SETUP SERVER. you can setup the server before sending it to the victim. to do that, use EditServer.exe. for example, if you set it up to your ICQ #, when the server is ran on the victim's computer, it will send you his ip number + PACK the server.exe with another EXE file or with an image. + you can change the victim's resolution. it displays a list with all the resolutions available on the victim's computer and you just pick one and hit "change it!" :) + e-mail notify. it allows you to specify an email server, and your email, so you'll receive an email with the victim's IP when he connects some people requested this, because for some reason the "icq notify" did not work for them + you have the option to see all the running processess [visible or not] you can use this to see if other trojans are installed for example + print feature! allows you to specify a text to be printed on the victim's printer [along with the style and size of the text] + registry editor. view/create/delete/change everything in the registry + find files feature. find any file on the hard drive. you can also use wildcards + ScrollLock, CapsLock, NumLock can be turned ON and OFF + disconnect victim. hangs up the victim's connection to the net + focus window has been added in the "windows manager" section. + you can now specify the _quality_ of the preview image and screen shot image. this is useful on slow connection, the lower the quality the faster the transfer. + auto notify on the specified UIN when the server is first ran. So it goes like this: you setup the server before sending it. you specify your icq number, and a name [if you're sending the server to more than one victim, you'll know which one this is]. then, you send the server and wait. when the user clicks on it for the first time, you'll be notified the victim's ip#, port and the name you specified on icq. this'll make _a lot_ of people happy. + show image feature. it allows you to pop up an image on the victim's screen from the victim's hard drive. the image can be: JPG,BMP,GIF,ICO,WFM,EFM + continuous screen capture is finally here! oh yes! you can now see what the victim is doing on his/her desktop whithin seconds. it's just like a live video of his screen, and it does NOT interfear with any other feature. so you can actually listen for his keys, download his files, and view his desktop at the same time. :) + flip screen. that's right. you can flip the victim's screen horizontally, vertically or both. when the victim double-clicks the left button anywhere on the screen, the desktop is restored. + hide/show the victim's desktop icons. i don't know why the hell ppl want this, but they got it. + the program [subseven.exe] notifies you when new versions are released [starting from 1.3 and up]. it checks for new versions, and if a new version has been released, it shows you a [pretty neat] window, with the link to the new file, the size of the new file, the date released and even a list with all the changes. that's, all without even running the browser. + you can set your server.exe file to act in a certain way when it's ran. for example, you can set it to display a fake error message, or just to install without any notification. + FTP server. change the victim's hard drive into a FTP server. you can access every single file, using a FTP program [like CuteFTP]. it's basically a Serv-U clone, that gives you full access to everything. While setting the FTP server, you can specify the PORT number, the PASSWORD needed to connect and the maximum number of clients that can be connected at one time. + message manager. you can send custom messages to the victim. you can specify the type of window [question/information/warning] the caption of the window, the text, and even the buttons. you'll receive the button clicked by the victim + set the online notification on/off. NO more email server crap. just enter your uin and press enable. that's it. it works! + enable or disable Ctrl-Alt-Del. when ctrlaltdel is disabled, the victim won't be able to press CtrlAltDel anymore. works for Alt-Tab too. + send keys. you can type your own keys, send one of the victim's windows, and send those keys to that window. useful for mirc if you wanna make the victim type "i'm gay" or something. + send messages or questions to the victim's computer with the specified message or question. you'll be noticed of the victim's answer + open the default browser at the specified address + hide or show the Start button + take a screen shot of the victim's desktop. the image will be shown and saved as desktop.jpg + disable keyboard + chat with the victim. a small ICQ-like chat window will appear on both computers. the difference is that on the victim's computer, the chat window will _always_ stay on top. while chatting, you can do a few things like: hide the victim's typing space [meaning, the small window where the victim types will dissappear] start/stop his/her PC Speaker. the victim will _not_ be able to close the chat, so if you don't close it it'll be stuck there the whole time :) + start/stop the victim's PC Speaker. [i thought it'll be nice to tell the victims about the good-old PC Speaker] + restart windows. don't abuse it though. + open/close the CD-ROM + set the length of the victim's mouse trails. [you know, that annoying trail you can set windows to add to your mouse pointer] + set a password for the server. [that's if you don't want other people with SubSeven using that server] + get all the active windows on the victim's computer. after that you can: - close a specified window - enable/disable a specified window [the victim will or will not be able to interact with it] - disable the close button on a specified window - hide or show a specified window + get a list of all the available drives on the victim's computer + turn monitor on/off. this only works on the monitors that _can_ be turned off programatically + show/hide the taskbar. + get more information about the victim's computer. like: windows version, user name, company name, screen resolution, etc. + change the server name. the server will save itself with the specified name + listen for all the pressed keys. you'll see all the keys pressed by the victim. useful to get passwords. + record. yep, exactly what it says. you specify the number of secounds to record for, and the server will send you the recorded file when it's finished. the file will be saved as soundfile.wav [note: this only works for victims who have a microphone installed] + file manager. you can easily see all the files and folders on the victim's computer. when you double click on a diretory, the server will change to that directory. when you select a file, you can: - get the file's size - download it - set it as wallpaper [only if it's a JPG or BMP file] - delete it - play it on the victim's computer [only if it's a WAV file] - execute it [the program assigned to open that file will obe launched on the victim's computer] + reverse/restore mouse buttons. this is awsome when you play some kind of multiplayer game with the victim] + close the server on the victim's computer. [note: the server will start again next time the victim starts windows] + remove the server from the victim's computer. this completely removes the server from the memory + change the port used. you can do it in 2 ways: run "server.exe /port:xxxx" or, connect to the server with Sub7 and click "change port" + IP motherfukin' scanner! it ONLY scans for Sub7 servers, and that's why you _don't_ need a port (it has its own method of recognizing the server). if you find an infected IP, that doesn't mean you can connect. you still need the port [if other than 1243] and the password [if set] + get passwords. you'll receive a list with all the passwords recorded on the victim's computer since startup. + offline key logger. "get offline keys" retrieves a list of all the keys pressed since the windows startup. ----------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------- Here it comes.......The biggie.....The most bestest greatest trojan in the world EVER!!!!! ----------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------- ------------------ ---XXXXXXXXXXXX--- ------------------ The name (for the moment) must remain a secret, If it became widespread, then patches would be released for it in no time. And it really is great. I guarantee it can do everything you would be able to do if you were at the terminal yourself. Wanna access the control panel? no problem. Oh yeah, there is one feature you wouldn't expect to see on a trojan. If you see me on ICQ, I might just send you it.... (32342808) ----------------------------------------- ---------------mist350------------------- -----------------------------------------