Lithium 1.02
(Backdoor.Win32.Lithium.102)
(Backdoor.Win32.Lithium.10.b5)
(Backdoor.Win32.Lithium.10 for SIN.exe)

by Olympus

Written in Delphi

Released in July 2002

more versions 


Lithium Version History
-----------------------

---------------
v1.02
---------------

New Features -

 - Added static scripting variables: $sv_windir,
   $sv_sysdir, $sv_tempdir, $sv_clientdir, $sv_username,
   $sv_compname, $sv_serverip, $sv_serverport, 
   $sv_serveraddr, $sv_serverid, $sv_serverver, 
   $sv_serverpass, $sv_connected, $sv_connecting
 - Added new client cset vars: fileexp.editbox,
   filesearch.editbox
 - Added new scripting functions: deletefile, copyfile,
   movefile, fileexists, readfiletobuffer, writebuffertofile
 - Added fake message box on server start
 - Added options to disable guest account and queries
 - Added save passwords/info to file
 - Added ability to change autostart keyname
 - Added remote dos shell
 - Added more buttons to keylogger sendkeys
 - Added sendkeys to window
 - Added regrab screen on refresh option to screen capture
 - Added CGI notify
 - Added download file from URL
 - Added a few more variables to information plugin
 - Made hide cursor *better*, though it still doesn't work well
 - Server now actually deletes itself on remove
 - Directories are now deleted recursively
 - Added right and left up/down mouse events to screen capture 
   (w00t), just click in the captured image and the click will 
   be simulated server-side

Changes -

 - Made server load winsock 1.1 instead of 2.2 (forgot about this)
 - Keylogger raw memo now logs window changes

Bug Fixes -

 - Removed download/upload negotiation delay
 - ICQ pager strings are now URL encoded
 - Fixed 9x systems displaying 0mhz as CPU speed in queries
 - Blank window names in window explorer are now shown if visible
 - Connected clients listing no longer displays clients who have
   not logged on yet (clearance level 0)
 - Fixed pointer not being freed in registry listing
 - Fixed server not removed from registry on every startup method
 - Fixed execute file not always working properly
 - Double clicking in file scanner now connects to host
 - Hostnames are now resolved in address book



Client:
port: 31382 TCP


Server:
c:\WINDOWS\SYSTEM\Shell32.exe 

size: 19.645 byte

port: 31415, 31416 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Shell32"
MegaSecurity