Voice Spy 1.0


· Overview ·
· Origins ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·



Overview

Vendor Notes:

From the documentation:

*** VOICE SPY 1.0 ***

**** BY: CrAcKeR ****

- cracker@cracker.ws -
--- www.cracker.ws ---


INTRODUCTION:

Voice Spy 1.0 is a client / server application used to listen and talk in real-time on remote computers.


CLIENT:

The Voice Spy 1.0 Client is very simple to operate. Once you execute the program, an icon is created in your system tray. If you ever lose track of the client, simply double click this icon and the client will restore itself on your screen.

Operating the Client is fairly simple. First you must have an IP Address in which the Voice Spy 1.0 server is installed. Once you have an IP Address, simply enter it in the IP textbox and click Connect. The Voice Spy 1.0 client will attempt to connect to the remote machine. Please be advised that the Voice Spy 1.0 Server DOES NOT allow multiple connections.

Once connected (you can check your connection status in the statusbar), you can do one of three things. I will discuss the first two now.

- Talking -
To talk on the remote computer in real time you must press the Activate, located in the Talk frame. Once you do this, the server will attempt to enable to voice server. Once this is done your Activate button will say "DeActivate". Once this happens, you are ready to talk. Simply click the "Start Talking" button to begin talking. Once you click "Start Talking" you will be talking on the remote machine until you click "Stop Talking". Always be sure to DeActivate the Talk once you finished Talking for good, or a long period of time.

- Listening -
Listening works about the same as Talking. Simply Activate it, and click "Start Listening". If the server has a microphone plugged in (and most people do), you will be able to listen to the remote computer's surroundings in real time. Therefore being able to listen to your 'victims' reactions when you do things on SubSeven, etc. Once again, when you are done Listening for a long period of time be sure to click DeActivate so you free up your Memory and the Server's as well.

Voice Spy 1.0 is perfectly capable of Listening and Talking at the same time. However be advised that this does take a lot latency and might not work good for people with slow connections. 56K + is recommended.

If you look at the bottom of Voice Spy 1.0 you will see a button that says "More >>>". Clicking this button gives you the options to set the Server's and the Client's volume. Simply set it to the setting you wish, and click Set. You will not get a response from the server, so don't expect one.


SERVERS:

The Voice Spy 1.0 Server is was created in Visual Basic, and therefore requires certain runtime files. For the server file to execute properly, the computer running the file must contain the following files:

MSVBVM60.DLL
MSWINSCK.OCX

Because not all computers contain these files, Voice Spy 1.0 has four different server types. Below is an explanation on each type of server.

SmallServer.exe -> Contains only the server file. (123 KB)
MediumServer.exe -> Contains the server file and mswinsck.ocx (195 KB)
BigServer.exe -> Contains the server file and msvbvm60.dll (945 KB)
HugeServer.exe -> Contains the server file, mswinsck.ocx, and msvbvm60.dll (1 MB)

Please note that Voice Spy 1.0 is best used as an additional feature to other trojans, such as SubSeven. For example, if the remote computer is running the SubSeven server, you will be able to view the contents of his/her C:\Windows\System\ and determine which Voice Spy 1.0 Server you need to upload to them. If the remote computer has the file mswinsck.ocx, but not msvbvm60.dll, then you upload MediumServer.exe. If they have neither, then you upload HugeServer.exe.

If you are not sure whether or not the remote computer has these files or not, you have 2 options:
1) Upload SmallServer.exe and hope they have the files and everything goes fine.
2) Upload HugeServer.exe.

In almost ALL circumstances HugeServer.exe will work. So when in doubt, use it.


HELP, ASSISTANCE, COMMENTS, SUGGESTIONS, BUG REPORTS, ETC.

If you need help, or any of the other above for that matter, you can contact me at cracker@cracker.ws, or post on the forums at my site, www.cracker.ws. You have a better chance getting help there since other people can help you as well.


LEGAL SHIT:

This program was created by the one and only CrAcKeR. You do not have permission to blah blah blah.


SHOUTOUTS:

I wanna give a shout out to:

Mystikal - If it wasn't for you I wouldn't know how to parse! Keep up the good programming too.

ShutDown - Good to know you're back. Now gets to programming and designing beotch!

Interrupt13 - Wsup man, we been homies since we wuz 5 and shit... but you need to learn to program. =P

To All The Beta Testers - MrQ (Sub7 Crew Member), shadowfax (Cool Guy), Pierre Legarrec (Security Officer in France), MaGuS (Programmer), The American Jesus (Some Guy), Zippo (Programmer), and Seratonin (Programmer).


FUCK YOUS:

I could spend all day filling up this section, but I'll just add a few that come to mind.

Syphillis Crew - You guys are fags. Stop making up excuses and admit that the source you released was all you had the whole time.

SubSeven Crew (selected members) - This is not to all of the Sub7 Crew... just to a few people whose name I won't point out. But you know who you are.. and you're fuckin' lame. Seriously... you are fucking stupid as fuck. And you know exactly to what I am referring to.

d00t - Program something worth programming, and do so without using other people's source code. Ya fuckin homo.

lock d0wn - Well I haven't seen you in months... but your still a queer.

Hackers' Lounge:1 - Everyone in the Hackers' Lounge:1 on Yahoo! Chat who says I'm lame. You guys are fuckin' gay. You sit there with your 'l33to' fades and talk shit, when you don't even know shit. How many times have I sat there and just outspoke you? It goes to the point where you have to leave the room so you dont embarrassed. Just shut the fuck up, and admit it... You're Lame. And I'm not saying I'm a hacker, because I'm not. But neither are you.

And More....


Voice Spy 1.0 - DeleteRight 2000 CrAcKeR - www.cracker.ws - cracker@cracker.ws

- CrAcKeR
" The Name Is CrAcKeR. Don't Like It? I Don't Give A Fuck. Suck My Dick "

Alias:

Backdoor.VoiceSpy, Backdoor.VoiceSpy [Kaspersky], Backdoor/VoiceSpy [Computer Associates], Bck/VoiceSpy [Panda], security risk or a "backdoor" program [F-Prot], TrojanDropper.Win32.RSP.a, TrojanDropper.Win32.SennaOneMaker.20, VoiceSpy [McAfee], VoiceSpy 1.0, Win32/VoiceSpy trojan [Eset]

Category:

RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Similar Pests:

RAT · Backdoor · Trojan

Origins

Author:

CrAcKeR

Programming Language:

Visual Basic

Date of Origin:

June, 2000

Operation

Default Port:

1025, 2339 TCP 1025, 2339 UDP More info about ports.

Storage Required:

  • Voice Spy 1.0: at least 145 KB
  • ScreenShot:

    Voice Spy 1.0


    Risks

    Detection Issues:

    Difficult to detect by design. May hide from process list. May install with variable names in variable locations.

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.



    Manual Removal:

    Follow these steps to remove Voice Spy 1.0 from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Stop Running Processes:

    Kill these running processes with Task Manager:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:

  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
  • Research By:

  • PestPatrol's Pest Research Center
  • Last Revised:

    April 07, 2005