Written by Doc~
Released 3.21.02

About D.I.R.T

www.megasecurity.org
This article and the opinions are the sole belief of the author, and not those of the website. The author acknowledges that there may be some false information; the author, releasing everything at this time, fully believes everything to be true, and unless proved otherwise, it should be taken so. By reading and/or distributing this information, you the user are responsible for any actions or responses that may occur.

This is an opinion paper
Recently, Megasecurity obtained leaked copies of D.I.R.T. (Data Interception by Remote Transmission). A good link for information on DIRT is Cryptome.org. I had read a while ago about this program. It said federal authorities used it; I was picturing a whimsical interface with options that aren't yet implemented in backdoors today. I was more disappointed than a woman whose fiancé has eloped with her sister. Pretty disappointed... Not only that, I could not understand who would pay money for this abomination of a program.

Problems I found with it...
- It comes across as very inflexible, and somewhat reliable. A criminal with half a brain worth of computer knowledge could see he was being monitored. He could have packet-sniffed and seen the e-mail address of the people monitoring him.
The people using this program must not have a clue... In the configuration file it says:
# !!!! DO NOT change these settings unless you
# really know what you are doing !!!!
# DO NOT add any file statements before this section!!!
bugname Desktop.exe
dllname Desktop.dll
logname Desktop.log

Those three things are the filename of the server, the DLL name for the server to call, and the log name... Sounds pretty dangerous to me...
- Its only form of notification is through e-mail, which is a decent idea except for the fact you can easily see those packets.
I would like to create the term "Authoritarian Trojan", since cops and other authorities are using this Trojan.
One would figure that a program developed to capture and gain evidence against criminals would have a nifty installation and startup routine... Well, sub7 has a more effective startup method. DIRT sets the ever so common HKLM\Software\Microsoft\Windows\Run key.
- I would have to say the smartest thing about this trojan is its macro infection. But seeing as macros are customarily disabled, there goes that hope.
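
An added example, not from the original article or from DIRT itself: a defender's host check that combines two of the observations above, the default file names in the quoted configuration and the Run-key autostart. The Run-value lines are constructed sample data in the style of `reg query` output, and the function names are illustrative.

```python
import ntpath
import re

# Configuration excerpt as quoted in the article.
DIRT_CONFIG = """\
# !!!! DO NOT change these settings unless you
# really know what you are doing !!!!
bugname Desktop.exe
dllname Desktop.dll
logname Desktop.log
"""

# Constructed sample: autostart value lines in the style of `reg query` output.
SAMPLE_RUN_VALUES = r"""
    SystemTray    REG_SZ    SysTray.Exe
    Desktop       REG_SZ    "C:\WINDOWS\SYSTEM\desktop.exe" /s
    ScanRegistry  REG_SZ    C:\WINDOWS\scanregw.exe /autorun
"""

def parse_config(text):
    """Return {key: value} from 'key value' lines, skipping '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip()
    return settings

def command_image(command):
    """Base name of the executable in a Run-value command line.
    Unquoted paths containing spaces are cut at the first space."""
    command = command.strip()
    path = command[1:].split('"', 1)[0] if command.startswith('"') else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()

def flag_run_values(reg_text, config):
    """Return (value_name, command) pairs whose image equals the config's bugname.
    The names are settings, so this only catches an unchanged default install."""
    bugname = config["bugname"].lower()
    hits = []
    for line in reg_text.splitlines():
        m = re.match(r"\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$", line)
        if m and command_image(m.group(2)) == bugname:
            hits.append((m.group(1), m.group(2).strip()))
    return hits

if __name__ == "__main__":
    for name, cmd in flag_run_values(SAMPLE_RUN_VALUES, parse_config(DIRT_CONFIG)):
        print(f"suspicious autostart: {name} -> {cmd}")
```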

Thoughts
First off, if you are someone who has bought this program, ask for your money back. Secondly, if you are thinking about a Trojan for monitoring or gathering evidence, look no further: Megasecurity has a "Trojan Top List"; take your pick from there. The thought of authorities using these tools is scary; the sloppiness of this program itself would leave me shocked the government would buy such a tool. I see no difference between this tool and sub7, except everyone uses sub7 and sub7 has a GUI... Oh wait, I forgot DIRT does come with a nifty target manager where you can name your targets by case #... Oh, the joys in life!

More Links:
http://www.theregister.co.uk/content/55/24433.html (14 March 2002)
http://www.theregister.co.uk/content/4/19480.html
http://cryptome.org/DIRT-bags.htm
http://cryptome.org/dirty-secrets2.htm
http://cryptome.org/dirty-lantern.htm
http://cryptome.org/dirty-jones.htm
http://jya.com/DIRT-spy.htm

No one is perfect. If there is false information or spelling and grammatical errors, please e-mail me and help me correct them. I am firmly against false information and have gone to great lengths to verify everything mentioned above. -> E-mail -> http://tnt2.ath.cx:5080/kernel32/[email protected]?subject=false info/error
Thanks goes to the following people in no special order:
Cyberfly, M_R, weed, #tnt, connected, and ap0calaps, dragnet, and alex. If you have been forgotten, I'm sure I was having a memory lapse; thanks to you too.