Spyware Detail

Alias

Backdoor.NetTrash.10.d for client

Vendor Description

Features (from the doc): * Left Handed Mouse - changes mouse buttons * Right Handed Mouse - changes mouse buttons back * Set Cursor Position - sets the position of the mouse to custom postition, specified by typing in the X-axis and the Y-Axis fields * Disable Cursor - disables cursor movement * Undo Disable Cursor - undoes cursor disable, restores movement * Control Mouse - controls mouse * Stop Control Mouse - stops controlling mouse * Funny Mouse - moves mouse to random positions * Open CD-ROM - opens CD-ROM * Close CD-ROM - closes CD-ROM * Show Messagebox - shows small message box * Installed Office Apps - checks installed micro$oft office applications * Show System Informations - shows system information * Show Drive Informations - shows hard disk information * Show Key State - shows if num-lock, caps-lock & scroll-lock are on or off * Show Active Windows - shows active windows, visible and invisible! good feature! * Disable CTRL-ALT-DEL - disables CTRL-ALT-DELETE buttons * Enable CTRL-ALT-DEL - enables CTRL-ALT-DELETE buttons * Kill Taskbar & Desktop - kills taskbar and desktop icons * Restore Taskbar & Dekstop - restores taskbar and desktop icons * Logout User - logs out user * Reboot Windows - reboots windows * Exit Windows - shutsdown windows * Server Chat - chat with victim (good feature!, try it on yourself) * Time Win Running - checks and shows how long windows has been running for * Close Server - closes server * Remove Server - removes server * Beep - beeps on PC speaker * Set Num Lock - puts num-lock on or off * Set Caps Lock - puts caps-lock on or off * Set Scroll Lock - puts scroll-lock on or off * Windows Color Settings - changes windows color settings * Set Monitor in standby (Win95) - puts screen/monitor on standby * Restore Monitor (Win95) - puts screen/monitor off standby * Lockup system - jams/freezes computer * Disable Clipboard - disables clipboard * Enable Clipboard - enables clipboard * Hang Up Internet Connections - disconnects victim from internet * Start Screensaver - starts screensaver * Display Dialog - displays shutdown dialog * Mouse Click - clicks mouse * Open Browser - opens internet explrer * Send Keys - send keystrokes to active application (good feature!).

Category

RAT:  A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.



Variants

WinRat .1 · WinRat 1.2 · WinRat 1.3 ·

View Full Details