Noob 3.01

What is it?

  • A spy Trojan horse.

What's so special about it?

  • The ability to bypass any type of firewall (i.e AtGuard, Conceal and Proxy servers & Wingates). I think that firewalls are the greatest barriers to Trojans. With Noob this problem is solved! :-)
  • The file isn't an executable. It's an HTML based Trojan.
  • If you can figure out my spaghetti code, then you can customize the Trojan because I wrote everything in scripting language so that it doesn't have to be an *.Exe (Nobody seems to accept Exe files these days). I'm not selfish but please don't forget to give me credits for any modifications you make on Noob.
  • You can spy on your target's conversation in real time and send messages to people from his nickname without him/her seeing what you sent.
  • Limited ability to write/read from files using commands such as '/write' in mIRC. 
  • It looks like anything except a Trojan. Noob is ideal to send to your girlfriend, if you think she's not being totally loyal :P, because it's in the form of a byoootiful lil love animated card. Ain't that sweet?

What are the main drawbacks? (I do not claim that Noob is perfect)

  • The victim must be using Microsoft Internet Explorer 4.0 SP1 or 5.0
  • The user must click on 'yes' when prompted if he/she wishes to allow ActiveX objects to be accessed by scripts. (but since browsers often display silly dialogs some people just click on 'yes' without even reading it. And besides I make it seem that the card uses ActiveX so that they think it is necessary to enable it)
  • By default ActiveX controls are disabled when browsing over Internet Zones therefore this Trojan cannot be used on a Website. Don't even think of sending it through HTML-based E-mails like hotmail as an attachment, unless you zip it first, because when the target opens the mail it will still be over an internet zone therefore it won't work.

How should I send it?

  • Since Noob was designed for IRC users you could send it through DCC.
  • Zip the file first and then send it via E-mail. This forces them to download it before viewing.
  • The above solutions are only proposed scenarios. You can send the file anyway you wish but just remember that it must be viewed off the web.

Full Details

The main reason why I made this version of Noob is because it is not affected by the use of Firewalls. Even if the victim uses a firewall to filter incoming and outgoing traffic through his ports, Noob 3.0 will not be affected as it sends and receives through an IRC connection. In addition to this there is no need to use telnet or netcat in this version. All commands can be issued directly from your own mIRC window (see point 6).
With this mail comes an attachment file called "AnimatedCard.htm". This is the Trojan itself. The particularity of this Trojan is that there is no need for the victim to run an executable (*.exe file) because many people have grown suspicious about them. Instead of that the victim just has to open an HTML file and click "YES" at a not-at-all scary warning dialog.

Here is a scenario:
1. Send it as a mail attachment after having zipped it.

2. Once the victim opens that page he/she will be prompted to Accept Initialization of an ActiveX Control (this is the sticky part). If the victims clicks on "YES" then he/she will be infected.
* Note once again that this only works on Internet Explorer 4.0 SP1 or 5.0 actually*

3. Assuming that the Victim clicks on "YES", the Trojan will scan his Hard Disk and search for any mIRC scripts or plain mIRC presence. Once it finds a version of mIRC it infects it with a "script.ini" like Trojan called Noobini.ini.

4. When your victim connects to IRC all you have to do is type:
/ctcp {your victim's nickname} gravity3
If the victim was successfully infected then you will receive a message from him saying "Noob Active".

5. Now all you have to do is sit and wait to see whatever the victim is typing in his mIRC including his Nickserv or Chanserv PASSWORDS (on Dalnet) !!! Everything will be sent to you in the query window.

6. You can also issue commands to the mIRC of the victim by simply typing commands in your mIRC window as shown below...

for example you could type:
(a). To see the victim's nick changed to "I-Am-A-Bitch" type:
/ctcp {your victim's nickname} /nick I-Am-A-Bitch 

(b). To drop the victim's nickname if he has identified type:
/ctcp {your victim's nickname} /nickserv drop {The victim's current nick}

(c). To make the person banned from a channel try this ;)
/ctcp {your victim's nickname} /msg {#channel name} I think you're all too lame. Fuck you all!

(d). To get an Fserve Running try using the FSERV command... more on that in the mIRC help file. This command can turn out to be useful if you want to download or upload file to the victim such as a Back Orifice server in the "Startup" folder.
The possibilities to this are only limited to mIRC commands that exist. It's as if you were in the place of the user.

(e). If you want to say something to a user from the victim's behalf try this out. 

-Let us imagine that your target is called John and he is talking to someone called Ann and that you want Ann to think that John is really a piece of shit. Do the following...-

/ctcp John //raw PRIVMSG  Ann :Whenever I see you I feel so horny. I just can't figure out why! How much would you take for a night bitch?

-Now you can imagine what's going on in Ann's mind but poor John will probably never understand why Ann thinks he is such a jerk since John never saw what message you sent Ann from his nickname. :P

7. To stop spying on the victim just type:
/ctcp {your victim's nickname} gone

-------------------------------------------------------------------------------------------------

I explained this in detail in this document but in fact its much easier than it sounds:
1. Send the victim the file
2. Let him/her open it.
3. Connect to their PC and have fun!!

Personal Notes:

  • Thanks to KanKan for starting such a wonderful project called the Trojans Lair (www.tlsecurity.net).
  • If you find something that can help enhance Noob please let me know. I'd really welcome stuff like overflows that could disable the message or any other miracle of that kind.
  • Noob really screwed my life up. I lost my best friend coz of that... Be careful with it. Spying isn't worth it if the person trusts you.
  • I've recently worked on overflows for the most common browsers and I plan to realease a version soon. The new version will upload and install a Noob server + a the thing trojan that works on IE 5.0, 5.01, 5.02, 4.01 and possibly another version for use with netscape browsers. This new version will completely eliminate the user prompting and will be operational even on 'Internet Zones' i.e. on websites over the web. Coming soon!
  • Sorry for the *1 message that some were receiving in the previous version of Noob. That was due to a scripting error from me. (I'm such an idiot sometimes.) This version works just fine on all mIRC versions. I got hundreds of mails complaining about this. Sorry I didn't reply to all of them! :P 
Designed by |SHAD0W|
Copyright � 1999 [SHADOW]. All rights reserved.
Revised: July 14, 2000 06:54:44 PM .
Visit me @ http://pages.intnet.mu/kga
Mail me @ [email protected]