Scary

Scary Zick-Zock


(c) Overlord 7/18/1998


OVERVIEW: This is an add-on for Masters Paradise (MP). MP lets you control someone else's computer when they're on line: see what's on their screen, download their files, get their passwords, all secretly. But therez a catch....

You gotta know their IP (easy enuf, thru ICQ, IRC, recent emails, etc.). You also gotta have them running a TSR ('the agent') on their computer (more difficult).

This is where Masters Paradise Trojan comes in. This is what it does:

WHAT THE TROJAN DOES: Helps you get the agent to their computa, while lookin real innocent.

WHAT THEY SEE: You just send them the icqcrk.zip (the trojan) file, saying it's a cool ICQ utility. They run it - but it just comes up with a heap of errors and drops out. Dang! Isn't it always the way with good games.

WHAT REALLY HAPPENZ: Unknown to them, there was no real error - it just looked like that. The trojan has copied the agent over to their /windows/system directory. Executed itself, so it is running. Set its attributes so it can't be found. Set up stealth protections so it can't be deleted. And last and most importantly, modified win.ini so that it loads whenever they turn on their computa any time in the future. Now, whenever they are on the net, they are YOURS!

STEALTHINESS: The trojan will not show up anywhere as loading, not in the in box, not the startup menu, not anywhere! The only way you can see if it is running is if you go CNTRL-ALT-DEL, you will see two copies of 'Explorer' running. One of these is the backdoor to their computer. The only other way they could find it is by checking through their win.ini file, and seeing 'explorer' getting auto loaded. But that looks innocent enuff, i bet????


KNOWN PROBLEMS:

1/ If you got the trojan on your computa, it is very hard to get it out. You would have to edit win.ini and remove any refs to explorer.exe, then reboot and then delete explorer from windows/system.

2/ This will only work if they have set up Windows in the default directory (/Windows).

3/ Will not work in Win 3.1, etc. Only Win 95 and greater.

4/ I notice sometimez the trojan works real slow (about 10 seconds to do its job). But still probably believable enough.


VERSIONS
v.1.2 Now pretends to be an ICQ utility. Works even from floppy drive now, and wipes itself out after installing.

v.1.1.1
-Now installs to c:\windows\system rather than \windows in drive where go.exe is located.


v.1.1
- More Stealthy. Does not just send the agent to startup menu, but modifies win.ini to load itself real invisibly.

- No longer pretends to be a Tic Tac Toe program. Now, you can send it to someone saying it is anything (you can change the name from gamer.exe to hackutil.exe if you want). Just comes up with a fake error anyway.

- Have changed the Pascal compiler so Thunderbyte doesn't give warnings any more.


OVERLORD - overlord@bay-watch.com




...and that was '98! What nice things are the kiddies doing today with Java & co.?
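
Added example (not part of the original post or of the quoted readme): a defender's check for the persistence the readme describes, where win.ini auto-loads a file named 'explorer'. It parses the `load=`/`run=` lines of the `[windows]` section of a win.ini taken from a machine under examination and flags such entries; the sample file contents and the function names are constructed for illustration.

```python
import ntpath

AUTORUN_KEYS = ("load", "run")

# Constructed sample, not taken from a real system.
SAMPLE_WIN_INI = """\
; constructed sample
[windows]
load=c:\\windows\\system\\explorer.exe
run=
NullPort=None

[Desktop]
Wallpaper=(None)
"""

def autorun_entries(ini_text):
    """Return (key, command) pairs from load=/run= in the [windows] section."""
    entries = []
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in AUTORUN_KEYS:
            # Several programs may be listed; treated here as space- or comma-separated.
            for cmd in value.replace(",", " ").split():
                entries.append((key, cmd))
    return entries

def suspicious(entries):
    """Flag autorun commands whose file name is explorer / explorer.exe."""
    hits = []
    for key, cmd in entries:
        name = ntpath.basename(cmd).lower()
        if name in ("explorer", "explorer.exe"):
            hits.append((key, cmd))
    return hits

if __name__ == "__main__":
    for key, cmd in suspicious(autorun_entries(SAMPLE_WIN_INI)):
        print(f"review win.ini {key}= entry: {cmd}")
```

Any other `load=`/`run=` entry returned by `autorun_entries` is still worth reviewing by hand, since the readme notes the dropped file can be renamed.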



