Bifrost 1.2
(Backdoor.Win32.Bifrose.aci)

by ksv

Released in December 2006

v1.2
General/Mainwindow:
* Server rewritten to 90%, now being better at bypassing firewalls.
* Registry Editor added.
* Datacompression added for most transfers between server and client.
* Kernel level process hiding added (DKOM method, hiding the process where bifrost is injected, unless injected to a specific process).
* Improved ping system. Pingsystem also modified to send pings less often when connected via TOR, as the minimum packet size then is 500kb.
* Remote user idle time added (time away from keyboard).
* Assigned name and download folder always combined with a unique id (harddisk volume nr) to ensure each user gets a unique name.
* Possible to make notes about each user.
* Bypasses windows hardware data execution protection, DEP.
* Checking of passwords for incoming connections is now optional.
* Uploading of plugin more stable.
* Server can now be injected to svchost.exe.
* "Persistant server" option added.
* Minimize to tray added.
* "Open Download Folder" added to context menu in main window.
* Added flags indicating country next to each connection. Method used to determine country can be selected from settings menu.
* Works on restricted accounts:
+ If the user isn't logged as admin, the server will be created in Application Data folder.
+ If it fails to write activex or HKLM to the registry, it will automatically write to HKCU as the user is logged in on a restricted account.

Builder/Settings:
* New builder with much more help text.
* Up to 20 dns's allowed.
* Connection from server to client via up to 20 socks4 proxies.
* TOR plugin (by Andvare) added. Allows the remote user to connect to you via TOR network.
* Possibility to choose mutex name.
* Option to use kernel level unhooking.
* Older file date and attribute hidden can now be selected for the server.
* Option to delay server start first time it is run by a selected number of days, hours and minutes.
* Server file and subdirectory can get file mode "invisible", "system" and get an older file time set.
* Server is always installed to a new subdirectory in either "program files", "windows" or "system32".
* Option to run the server in a fully visible mode (for remote support).
* Possible to make the server sleep (not making any connections at all) by pointing it to 255.255.255.*. Thanks to s13az3 for this idea.

Filemanager:
* Last changed file date added in filemanager.
* Network shares added to filemanager.
* Option to exclude "temporary internet files" from file search.
* Recursive deleting of directories added.
* Recursive download added.
* Added option to resume downloads.
* Added option "Yes to all" and "No to all" when being asked if to overwrite when downloading.
* Filemanager has direct links to desktop, my documents and recent files.
* Added "set desktop wallpaper" to filemanager.
* Possible to manually enter a path in the filemanager
Bugfixes:
- Bug when selecting a drive in the filemanager with no permission, fixed.
- Downloading of file with zero size no longer hangs.
- Errorhandling improved for fileuploading.
- Bug when running a file from the filesearch list fixed
- Long filenames can now be used in file search

Keylogger:
* Keylogger moved from plugin to server, so plugin is no longer needed for offline.
* Size of the log chopped to half size when reaching 2 mb to avoid too big logs.
* Option to exclude shift, Ctrl and backspace added to the keylogger.
* Possible to save offline keylog to file.
Bugfixes:
- Bug in keylogger that messes up the use of dead keys (like ^) fixed.
- Bug that causes online keylogger to sometimes lose chars fixed.

Screencaps:
* Screen cap option of 16 and 1 bit images added, to give the option of faster caps.
* Size of image displayed in the screen cap window.
* Added option to get full size screen cap and then navigate with scroll bars.
Bugfixes:
- Bug that caused client to crash when closing and reopening screen cap while receiving fixed.
- Screencap crash when using no plugin and big caps fixed.
- Memory leak when taking jpg caps fixed.

Webcam:
* Better handling of webcam when more than one driver.

System Manager:
* More info sent to "System Manager". System info is also automatically refreshed when opened.
* The process injected into is marked in red in the process list.
* Info if user logged in as admin added to the system manager.

Password grabber:
* Firefox added to password scanner.
* Msn added to the password grabber.
* More cd-keys added to the pw-stealer.
Bugfixes:
- Buffer overflow errors in the password grabber in the plugin, which could cause server crash are now fixed.


Server:
dropped file:
c:\Program Files\Bifrost\server.exe
size: 27,517 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} "stubpath"
data: C:\Program Files\Bifrost\server.exe s

tested on Windows XP
December 05, 2006
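
A defensive check for the Active Setup startup entry listed above, as an added example that is not part of the original page: it parses a `reg export` text dump of the Installed Components key, reports the GUID and path given on this page as `ioc`, and marks any other StubPath whose executable sits outside `TRUSTED_DIRS` as `review`. The allow-list, the function names and the two non-Bifrost sample entries are assumptions constructed for illustration.

```python
import ntpath
import re

# Indicators from the page's "Server" section.
IOC_GUID = "{9B71D88C-C598-4935-C5D1-43AA4DB90836}"
IOC_PATH = r"c:\program files\bifrost\server.exe"
BASE = "\\active setup\\installed components\\"
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32"}  # assumed triage allow-list
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # REG_SZ only

def unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def exe_of(cmd):
    # Executable part of a command line: a quoted path, or text up to ".exe"
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', cmd, re.I)
    return (m.group(1) or m.group(2)).lower() if m else cmd.lower()

def audit(reg_text):
    findings, component = [], None
    for line in map(str.strip, reg_text.splitlines()):
        k = KEY_RE.match(line)
        if k:
            idx = k.group(1).lower().find(BASE)
            component = k.group(1)[idx + len(BASE):] if idx >= 0 else None
            continue
        v = VAL_RE.match(line)
        if not (v and component and unescape(v.group(1)).lower() == "stubpath"):
            continue
        cmd = unescape(v.group(2))
        exe = exe_of(cmd)
        if component.upper() == IOC_GUID or exe == IOC_PATH:
            findings.append(("ioc", component, cmd))
        elif ntpath.dirname(exe) not in TRUSTED_DIRS:
            findings.append(("review", component, cmd))
    return findings

# Constructed sample export; only the Bifrost entry comes from the page.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -UserConfig"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
"stubpath"="C:\\Program Files\\Bifrost\\server.exe s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
"StubPath"="\"C:\\Program Files\\Updater\\upd.exe\" /s"
"""
```

`audit(SAMPLE)` returns the Bifrost entry as `ioc` and the constructed updater entry as `review`. Values exported as `hex(2):` (REG_EXPAND_SZ) are not decoded by this parser, and the same check applies to an HKCU export, which the changelog names as the fallback on restricted accounts.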

MegaSecurity