Acid Reign 2.0
|
· Overview ·
|
Overview |
|
Vendor Notes: |
From the doc: 'Just a Basic WebDL that will download a larger file to your victim Usage: 1. open Acid Reign.exe 2. edit the url of the larger .exe to download 3. edit the name that you want the file to be saved as 4. choose an icon 5. press generate to compile the server features: *only 1.54kb packed making it one of the smallest webdl's to date *melts itself after file is downloaded removing any traces of itself *works on win9x/me/nt/2k' Acid Reign vers. 2.0 Coded by illwill in ASM 5/9/2002 a 1.54kb webdownloader that will download any file from a website and execute it. ; features: *only 1.54kb packed making it one of the smallest webdl's to date *melts itself after file is downloaded removing any traces of itself *works on win9x/me/nt/2k Instructions: 1. extract all files from zip to a folder 2. open up editor.exe 3. select the ... to browse for server.exe 4. once server selected press read 5. change the settings to your liking a.url: is the address of the file you want to download b.exe: is the name of the file is called after downloading Greetz n Shit: Phrostic,stan,code and macker for the website hookup,mcbain,xeo,xeek adding AV and firewall kill soon also... more features to come :) illwill |
Alias: |
Bck/Infector.20 [Panda], destructive program [F-Prot], Downloader.cfg [McAfee], TrojanDownloader.Inflict, TrojanDownloader.Inflict [Kaspersky], TrojanDownloader.Win32.AcidReign, TrojanDownloader.Win32.AcidReign [Kaspersky], TrojanDownloader.Win32.Small.f, TrojanDropper.Win32.Fearless, TrojanDropper.Win32.Juntador.c, TrojanDropper.Win32.Juntador.c [Kaspersky], Win32.AcidReign.10 [Computer Associates], Win32.Juntador [Computer Associates], Win32/Juntador.C.Joiner [Computer Associates], Win32/TrojanDownloader.Inflict.A trojan [Eset], Win32/TrojanDropper.Juntador.C trojan [Eset] |
Category: |
RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment. Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker. Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site. Dropper: In viruses and trojans, the dropper is the part of the program that installs the hostile code onto the system. Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs. |
Variants: |
|
Similar Pests: |
RAT · Backdoor · Downloader · Dropper · Trojan |
Origins |
|
Author: |
Illwill |
Programming Language: |
Editor written in Visual Basic, server in Assembly. |
Date of Origin: |
Variants from June, 2001 to June, 2003 |
Distribution |
|
Prevalence: |
|
Clot Factor: |
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone. |
Countries Affected: |
In the past three months, we have received reports of Acid Reign in United Kingdom, United States. |
Operation |
|
Storage Required: |
|
ScreenShot: |
|
Acid Reign 2.0
Acid Reign 1.0
Risks |
|
Detection Issues: |
Difficult to detect by design. May hide from process list. May install with variable names in variable locations. |
Detection and Removal |
|
Automatic Removal: |
|
Manual Removal: |
Follow these steps to remove Acid Reign from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
| Stop Running Processes: Kill these running processes with Task Manager: | |
| Remove Files: Remove these files (if present) with Windows Explorer: | |
Research |
|
File Analyses: |
|
More Info: |
|
Research By: |
|
Last Revised: |
April 14, 2005 |
PestPatrol detects this.