Shappz HTTP RAT
(Backdoor.Win32.VB.aai)

by Shappz

Written in Visual Basic

Released in January 2005


This is one of the only HTTP Trojans out there. 
This is a very simple program for the end user :P, all you have to do is put the 
settings you want in, for example if you use port 1337, 
once you have sent this server to the victim you go into Internet 
Explorer and connect to their ip like this: 
http://<someIP>:1337.
You must use Internet Explorer because.. erm actually there 
isn't really a reason other than it wont work right :D.
This program includes a file manager which you can download,view,delete and execute remote files on the victim pc.
It also has a screen capture feature to view what the user is doing. 
There are also some fun options. Just take a look once you have connected :D

Shappz


Server:
dropped file:
c:\rat.exe
size: 55,904 bytes 

port: 1337 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "rat.exe"
data: c:\rat.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rat.exe"
data: c:\rat.exe 



tested on Windows XP
February 25, 2005

MegaSecurity