Bifrost 1.1
(Backdoor.Win32.Bifrose.g for Client)
(Backdoor.Win32.Bifrose.d for Server)
(Backdoor.Win32.Bifrose.aa for Packed Server)

by ksv

Server is compressed with FSG 1.33

Released in September 2004

more versions


Bifrost fwb+ v1.1 by ksv
-----------------------------------------

Disclaimer
----------
Bifrost must only be used on your own computers or on computers where the owner has expressly given his/her approval. 
Neither EES or the creator(s) of Bifrost will in no way be held responsible for any damages caused by the negligent use of this software.


Description
-----------
Bifrost fwb+ is an advanced Remote Administration Tool that allows you to remotely control computers that are behind firewalls and routers. That includes software firewalls that usually detects when a dll is injected. The server size is only 20 kb when packed.
Features:
Cam Capture, File Manager, File Search, Offline/Online Keylogger, Password List (protected storage, cached passwords, icq, cd keys), Polymorphic Plugin, Process List, Remote Shell, Screen Capture, System Info and Windows List.


Getting Started
---------------
The main idea is to create a server without the plugin, in order to make it small (20 kb).
Without the plugin, Bifrost will have the basic functions:
File Manager
File Search
Process List
Screen Capture with basic compression
System Info
Windows List.

If you then chose to upload the plugin, the following functions will also be available:
Cam Capture
Offline/Online Keylogger
Password List (protected storage, cached passwords, icq, cd keys)
Screen Capture with better compression
Screen Capture with jpg option
Remote Shell

You can see if the plugin has been uploaded by looking in the "P" column in the main window.
The "C" column will tell you if there is a webcam installed in the remote computer.

ksv


Server:
dropped files:
c:\WINNT\system32\plugin1.dat size: 51.733 bytes 
c:\WINNT\system32\server.exe  size: 72.350 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "startkey"
data: C:\WINNT\system32\server.exe 

tested on Win2000

MegaSecurity