.96mm 1.03

· Overview ·
· Origins ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview

Vendor Notes:

 Changing Bomb Timer ( Timer Control ) Connect to a Server "127.0.0.1" Default, Enter a New Time 1 Minute = 60000 ( Possible? ) 1 Second = 1000 1/2 Second = 500 1/5 Second = 200 After Choosing your Interval Whether it is 1 Minute 1 Second etc. Click the Button that has the "::" Column's on it, This should Take about 5 Seconds Depending on your connection to Reach the Server and Change the Value. ------------------------------------------------------------------- :: Changing Bomb Target ( Process ) Connect to a Server "127.0.0.1" Default, Enter a New Process The Default process is "taskmgr.exe" is used this Process on Myself so i could CTRL + ALT + DEL and the Timer Interval i Set would Auto Stop that Process. So i could see how it was Working. ---- AntiVirus Processes and Firewall Processes are the Main target If you Find that the Process will not Kill Itself, It is Because you are not Admin or the A/V Doesn't allow it. net user /add .c0m 1234 -- Should make an Administrator. Not Sure But this is Just Basics at the Moment, when i Get some Time I Will make this into a Nice Little Program that has Many Process Killing Features :)

Alias:

 Backdoor.Cruel.96

See Also:

 Backdoor.Cruel.96 for UPXed

Category:

RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Variants:
  • .96mm 2.1
    		•

    Similar Pests:

    		 RAT

    Origins

    Author:

    		 .c0m

    Programming Language:

    		 Visual Basic

    Date of Origin:

    		 October, 2004

    Operation

    Default Port:

    		 96 TCP More info about ports.

    ScreenShot:


    .96mm 1.03


    .96mm 2.1


    .97mm 3.22

    Risks

    Detection Issues:

    		 Difficult to detect by design. May hide from process list. May install with variable names in variable locations.

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Research

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 October 12, 2004