AntiLamer Light

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview

Alias:

See Also:

Category:

RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Dialer: Software that dials a phone number. Some dialers connect to local Internet Service Providers and are beneficial as configured. Others connect to toll numbers without user awareness or permission.

Key Logger: (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).

Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password.

Port Scanner: In hacker reconnaissance, a port scan attempts to connect to all 65536 ports on a machine in order to see if anybody is listening on those ports. Ports scans are not illegal in many places, in part because they don't actually compromise the system, in part because they can easily be spoofed, so it is hard to prove guilt, and in part because virtually any machine on the Internet can be induced to scan another machine. Many people think that port scanning is an overt hostile act and should be made illegal. An attacker will often sweep thousands (or millions) of machines rather than a single machine looking for any system that might be vulnerable. Port scans are always automated through tools called Port Scanners.

Variants:

Similar Pests:

Origins

Author:

Group:

By This Group:

Programming Language:

Date of Origin:

Place of Origin:

Distribution

Prevalence:

Clot Factor:

The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

Growth:

Operation

Default Port:

Storage Required:

Restart:

ScreenShot:

Risks

Detection Issues:

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

Research

File Analyses:

• AntiLamer Light: _iu14d2n.tmp-065eaffd.pf ·  5-1-14-24.lnk ·  6.26.2004.10.53.33....0.reg ·  6.26.2004.10.53.34....1.dat ·  6.26.2004.10.53.34....1.reg ·  aconti.exe-105d3294.pf ·  alb.exe-01f9e69e.pf ·  alb.exe-0e801625.pf ·  alb.exe-0fe358f0.pf ·  alb.exe-328f3713.pf ·  antilamer light.txt ·  backdoor.antilam.13.a.exe-3ab6a254.pf ·  backdoor.antilam.20.j.exe-25e4239f.pf ·  collecteddata_127.xml ·  collecteddata_196.xml ·  collecteddata_200.xml ·  collecteddata_202.xml ·  collecteddata_210.xml ·  collecteddata_218.xml ·  config.exe-0b915f83.pf ·  config.exe-28993197.pf ·  drwtsn32.exe-2b4b52ac.pf ·  editsrv.exe-020c4fa9.pf ·  edtsrv.exe-34c94755.pf ·  edtsrv.exe-3861317c.pf ·  edtsrv.exe-39d44f73.pf ·  edtsrv.exe-3af77064.pf ·  english.reg ·  int327777.exe ·  int327777.exe-22f4e5c7.pf ·  int327777.exe-317926e6.pf ·  int327777.sdb ·  int339890.exe ·  joiner.exe-37b4e594.pf ·  new_alb.exe-080f644e.pf ·  readme.htm ·  runw.exe-0acf03f1.pf ·  server.exe-04168f44.pf ·  server.exe-19885956.pf ·  server.exe-1e8ebe0c.pf ·  server.exe-1ea17666.pf ·  server.exe-1fb68265.pf ·  server.exe-1ff20139.pf ·  smt.exe-245bb5ee.pf ·  trojan.exe-0c7fe615.pf ·  trojan1.exe-007581cd.pf ·  trojan1.exe-0d8b60b3.pf ·  trojan2.exe-12ee91de.pf ·  trojan2.exe-2c402d8d.pf ·  unins000.exe-1da47506.pf ·  websx.dlg ·  websx.ini
• AntiLamer Light 1.0: config.exe ·  readme.txt ·  trojan.psw.allight.10.b ·  trojan2.exe
• AntiLamer Light 1.1: readme.txt ·  trojan1.exe ·  trojan2.exe
• AntiLamer Light 2.01: runw.exe
• AntiLamer Light 2.1: edit.dll ·  editsrv.exe ·  readme.htm ·  server.exe

More Info:

Research By:

Last Revised: