by Ghirai
Server is written in assembly, editor in Visual Basic
Released in September 2003
v2.0 -> server is now 100% assembly, reaching 2.5 KB packed -> buffer no longer gets lost when victim's box crashes/suddenly reboots/etc. -> added a "get and execute" feature (see readme) -> fixed a bug in the editor, that existed in all previous versions -> some GUI tweaks -> "remove file" now gets deleted after server remove -> some features i didn't consider being neccessary were removed Description: FKS is a keylogger, that will upload the logs to the root folder of a ftp server you specify, when the log reaches a certain size. It will start everytime with windows. It will log *all* keys, and the window caption (between >>> <<< chars, like ">>> Yahoo! Mail - Microsoft Internet Explorer <<<") they were typed in. Date and time when system starts/stops will also be logged. The logs will be uploaded with the name "FKSlog_[time].log", like FKSlog_10-23-15.log (10 o'clock, 23 mins and 15 secs). When reading the log, "<RET>" means enter (return), "<BS>" is backspace, "<ESC>" is escape, "<TAB>" is the tab key, "<DEL>" is the delete key. Compatible with 9*/Me/2K/XP. Configuring the server: It should be easy to set up if you ever used a trojan before; run FKS.exe. First, the server options tab: -> In the "Server Name" field, enter a new for the server after installation, something unsuspicious would be better (use your imagination). Note that if you specify a filanem that exists on the host computer(in the sys dir), it will be overwritten! -> The Registry Key field: same as above, enter something "normal" ;) The Logging Option tab: -> The ftp address fileld: enter the hostanme of your ftp server, like "ftp.myhost.com", or "myhost.com". You should know that... The server will connect to port 21 (default for ftp). -> Ftp username: type in your username -> ftp password: enter your ftp password -> "When log gets..." filed: the size of the logfile when it sould get uploaded; you have to think here a little, depending on what you're after: if you want a quick log, enter a small filesize (5-10000 bytes). If not, 500000 bytes (50KB) should be ok. Note that some ftp servers have a size limit, but that's your problem. -> Logfile name fileld: enter a filename, any extension, or no extension, etc. Note that you shouldn't type system filenames, cause they will get overwritten... That's it, hit "Build Server", and you're done. The editor will make a "server.exe" file, in the patch where you have the editor. DON'T compress/encrypt or otherwise tamper with the server file! Now all you have to do is make your victim run "server.exe"... Ghirai Server: dropped file: c:\WINDOWS\SYSTEM\fks2.0_server.exe size: 2.624 bytes startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "FKS v2.0"MegaSecurity