by erebus
Written in Visual Basic, compressed with ASPack
Released in january 2002
Espionage is a trojan http server. it was created on an xp box with visual basic.
(it will run on all versions of windows)
trojan runs on port81 and is controlled through browser.
To access the server after infection
simply bring up http://server's ip:81 in your browser.
what is so different about espionage?
Espionage has the ability to close antivirus's on windows 95/98/NT/2k/XP,
including mcaffee and norton. also, on NT/2k/XP, the system task manager is disabled.
Registry editor and msconfig are also disabled along with many other
anti virus and firewall applications.
What else can espionage besides serve files via browser/http?
Espionage has the ability to view screen, view pc camera, view pc info,
erebus
Server:
c:\WINDOWS\SYSTEM\winsvchost.exe
size: 26.624 bytes
port: 81 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Win SVC Host"
Added:
HKEY_CLASSES_ROOT\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
MegaSecurity