CyberSpy 8.4
(Backdoor.Win32.CyberSpy.84)

by Ghirai

Released in July 2002

Made in Visual Basic

more versions



Introduction:

-CyberSpy is a trojan (if you don't know what that is, you've got the wrong software package),
 and you can use any terminal (telnet, puTTY, whatever.) to connect to the server.

Configuring a server:

-Run CSEditor.exe. Click 'Load Server' and select the server.
 (you can do this also by passing the server's path as a command line argument). 
-One the server is loaded, configure it to fit your needs 
 (every field is described in the editor's help section; click the '?' icon in the title bar) 
-Click 'Save server' or 'Save new server' to update the settings.
-Now get your victim run the server (how? use your imagination).
 You can and should rename the server.

Connecting to a victim:

-First of all, if you want to keep track of the victims,
 use one or both notification methods (ICQ and Email).
-Once you know the IP/Host name of the victim, fire up a terminal (i suggest puTTY), 
 and connect to the victim's IP/Host name on the port you specified when
 you edited the server (default port is 14194, you should change that).

Commands:

-I'm not listing all the commands/description here. When you're connected,
 just type 'help' to get a list of commands. 
 Type 'help a_command' to get a description of a_command.

Compatibility:

-CyberSpy is compatible with all 32bit Windows OS (9*, Me, NT, 2K, XP),
 and has been tested on 98, Me, NT, 2K and XP.

Program Info:

The Server is ~72BK, the editor ~61KB, and both are compressed.

The server source:
~4600 lines
~470 variables
~80 constants
~90 API declarations
~90 procedures
~60 functions
~20 types

The editor source:
~2500 lines
~300 variables
~50 constants
~20 types
~70 procedures
~20 functions
~30 API declarations
 

-i thought you'd like to know...


Last Words:

-The server's file size is around 72KB (depends on the settings), 
 and i can say that it's very stable,
 and you don't have to fear that you enter wrong parameters/commands; it won't crash!
Are there going to be any next versions? Yes, with lots of improvements...
IMPORTANT: Do NOT compress/encrypt or otherwise tamper with the server!

Greets:

The_Fearless_Programming_Team 
[ Faceless Wonder, Gobo, mf4, Read101, triforce, Wisma-Atria ] and Doc of Megasecurity.

Contact:

[email protected]


Have fun,
Ghirai.

 
Server:
dropped file:
C:\WINDOWS\SYSTEM\MSWINCFG32.EXE 

size: 73 KB

port: 14194 TCP 

startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "Mswincfg" 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Mswincfg" 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Mswincfg" 
c:\windows\system.ini, [boot] "shell" 

MegaSecurity