HTTP RAT 0.1b (d)
(Backdoor.Win32.Zombam.d)

by zombie

Made in C

Released in March 2003

more versions


[HTTP_RAT 0.1b]______________________________________________

coded in C.
works on win9x/2000/xp

[What is it]_________________________________________________

HTTP_RAT is a "web-server" that allows you to browse victim's
computer with any browser on any OS(!). It sends victim's ip 
adress to your email adress, so u have just to open 
http://his_ip[:port] in your browser.

[How to use]__________________________________________________

Run httprat01b.exe, fill in your email addresss & smtp server
and click [Create]. It will make a file called httpserver.exe.
Send that file to victim.
When victim opens it u'll get mail with instructions.

[Features]____________________________________________________

server size: 28kb
view processes
browse/download files
close firewalls b4 running
hmm.. that's all 4 now ;]

these will be added in next version:

file uploading/executing/deleting
encryption
ability to kill any process
screen capture
registry editing(maybe)
better hiding/startup methods
automatically find smtp server

zombie


Server:
c:\WINDOWS\Cookies\ckmgr.exe 

size: 29.392 bytes

port: 80 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ckmgr" 

MegaSecurity