mE$$iAh 1.0 v2
(Backdoor.Win32.Messah.10)

by -=|R|S|C|=-

Written in Delphi, source included

Released in August 2002

Made in Hungary




 The program has a lot of features and some very useful extras:
 - you can control the remote machine via your mobile phone!!
   How?!
   It is very simple: you just send an email via SMS from your handy to
   a given POP3 email address, and the server will interpret it.
 - you can control more than one machine with your handy...
 - you can mailbomb anybody...


 Sounds good, ehh? :)




 History:
----------

 A friends-only beta version of this program was available, but I got very
 little feedback :( If you have any ideas, write them to me.

 [+] WinZip icon for the server :)
 [*] Encrypted settings in the server
 [*] New keylogging engine, so the server probably works on NT now
 [*] New communication protocol between clients and server,
     so you can control the server with a pure telnet client too.
     So it isn't necessary for me to write a Linux client, too :)

 What's new in mE$$iAh v1.0?                           2000.08.18.
 [*] New readme file, I corrected some English errors...
 [*] You could start the server twice... I fixed this bug.
 [+] Many new commands are added: MD, RD, DIR, STARTKL, STOPKL,
     STARTFTP, STOPFTP, STARTBOMB, STOPBOMB, MSGSHOW, WALLP,
     CACHEPWZ, SLEEP, SOUND, LISTPROCESS, KILLPROCESS,
     DONTDELETE, INFECT
 [-] The command PWZ no longer exists; its new name is: RASPWZ
 [+] You can make your own server file with the makeserver program,
     called tHe_g0D.
 [*] The client has a new design (:-) and its new name is mADaNgEl.
     Thanks for the logo to Nestan!
 [*] I have changed the name of the MSG command to MSGDRAW.
 [*] More optimization of the code.
 [+] The server uses three random filenames when it copies itself
     to the WINDOWS\SYSTEM directory
 [+] Formater has helped me a lot. He wrote the Linux clients,
     too... Big big thanx!






 Files:
--------

 madangel.exe                - this is the client...      - size: 307.200
 messiah.exe                 - this is the server...      - size: 196.608
 readme.txt                  - you are reading it now :)  - size:  XXXXXX
 thegod.exe                  - this is the makeserver...  - size: 142.336




 The server features:
----------------------

[the examples are between these signs]

 Installing:
 - stealth mode
 - it starts itself automatically when Windows starts...

 Note: for these two functions you only have to start the server executable
 once; after that you can delete the file, it is not needed any more.


 Configuring:
 - you can protect the server with a password, the default is SPY
   [+PASWnewpassword]
 - the default port for the server is 2000, and you can modify it, of course.
   [+PORTnewportnumber]
 - you can close the server
   [+CLOSE]
 - you can close the server and remove it from the machine
   [+REMOVE]
 - you must set the host of the POP3 server through which you control the machine
   [+POPHSTexamplehost]
 - you must set the username for the POP3 server
   [+POPUSRexampleusername]
 - you must set the password for the username
   [+POPPWDexamplepassword]
 - you can set the host of the SMTP server
   [+SMTPHSTexamplehost]
 - you can set the username for the SMTP server
   [+SMTPUSRexampleuser]
 - you can set the email address to send the answer emails to
   [+SMTPS2exampleemailaddress]
 - you can set the timer for checking the online status. Default is 60000
   (=1 minute)
   [+TIMERexamplemillisecondsnumber]

 Note: you must set up the three POP settings before you can control the server
 and upload files via email. If you set up the SMTP settings, then you will get
 email notification of the victim's online status. The server checks the online
 status periodically, see the TIMER value for more.
 You cannot control the server via your mobile until you have set up
 the POP3 settings correctly.


 File management:
 - you can execute any file on the server's machine
   [+EXECfiletoexecute parameter]
 - you can delete any file from the server
   [+DELfiletodelete]
 - you can copy a file on the server
   [+COPYfiletocopy directory]
 - you can move a file on the server
   [+MOVEfiletomove newname]
 - you can download a file from the server via email
   [+GFILEexamplefiletodownload]
 - you can make a directory on the server
   [+MDdirectoryname]
 - you can remove a directory on the server (like deltree!!)
   [+RDdirectoryname]
 - you can list the filenames in a directory (the default is *.*)
   [+DIRc:\*.*]
 - you can send the server to an email address with the
   name clinton.jpg.exe :)
   [[email protected]]


 Note: you can transfer files via email, too. To upload a file, you must set
 the POP3 settings; to download a file, the SMTP settings.
 There is also a new thing to use for file transfer: the FTP server.


 Miscellaneous:
 - you can open the CD tray
   [+CDOPEN]
 - you can close it, too :)
   [+CDCLS]
 - you can turn the monitor off
   [+MONOFF]
 - and on, too
   [+MONON]
 - you can close the active window
   [+CAW]
 - you can send a message to the remote machine
   [+MSGSHOWThis is an example message]
 - you can draw a message on the remote machine's display
   [+MSGDRAWThis is an example message]
 - you can change the wallpaper
   [+WALLPc:\logo.sys]
 - you can play a sound
   [+SOUNDc:\windows\media\The Microsoft Sound.wav]


 Machine:
 - you can suspend the system
   [+SUSP]
 - you can restart the machine
   [+REBOOT]
 - you can shut down the machine
   [+POWER]
 - you can lock up the remote system
   [+LOCKUP]
 - you can start keylogging (it will store the log 
   in C:\WINDOWS\SYSTEM\WINA386.DLL)
   [+STARTKL]
 - you can stop the keylogging
   [+STOPKL]
 - you can start the FTP server
   [+STARTFTP]
 - you can stop the FTP server
   [+STOPFTP]
 - you can send a mailbomb to anybody (if you don't use the parameter,
   the server will send the mails to the previous victim)
   [+STARTBOMBemailaddress]
 - you can stop it
   [+STOPBOMB]
 - you can pause the server's processing of the commands for half a minute
   E.g. you send an email with this subject:
   [+CDOPEN+SLEEP+MSGSHOWyou fuck+SLEEP+CDOPEN]

 Note: power off does not work properly on NT, I think.
 There is Lockup code for NT.



 Information:
 - you can get the RAS passwords
   [+RASPWZ]
 - you can get the cached passwords
   [+CACHEPWZ]
 - you can get the current username
   [+CUSER]
 - you can get the directory of windows
   [+WDIR]
 - you can get the active processes
   [+LISTPROCESS]
 - you can kill a process
   [+KILLPROCESSprocessletter]




 Final Note: to control the server via your mobile phone, you need to
 send an SMS-email to the email address POPUSR@POPHST. The commands
 have to be in the subject.
 You can use more than one command at once, e.g.:
 +CDOPEN+MSGYou fuck!+LOCKUP

 If you would like to control more than one computer via email, then
 set the POP settings the same on all computers; then you can send a command
 like this:
 [+DONTDELETE+MSGSHOWhello]
 All computers will process this command until you send another one
 without the command +DONTDELETE, like this:
 [+MSGSHOWstop!]
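 The subject-line protocol described above (a leading "+", then command name
 immediately followed by its argument, commands chained with further "+")
 is simple enough to recognise on a mail gateway. The following is an added
 example written for this page, not code from the readme or from the trojan;
 the command list is transcribed from the feature sections of this readme,
 the sample subjects are constructed, and the function and variable names
 are the example's own.

```python
# Added example (not part of the original readme or the trojan's code): a mail-gateway
# detector for the "+COMMANDargument+COMMANDargument" subject-line protocol the readme
# documents. The command list below is transcribed from the readme's feature sections.
MESSIAH_COMMANDS = [
    # configuring
    "PASW", "PORT", "CLOSE", "REMOVE", "POPHST", "POPUSR", "POPPWD",
    "SMTPHST", "SMTPUSR", "SMTPS2", "TIMER",
    # file management
    "EXEC", "DEL", "COPY", "MOVE", "GFILE", "MD", "RD", "DIR",
    # miscellaneous
    "CDOPEN", "CDCLS", "MONOFF", "MONON", "CAW", "MSGSHOW", "MSGDRAW", "WALLP", "SOUND",
    # machine
    "SUSP", "REBOOT", "POWER", "LOCKUP", "STARTKL", "STOPKL", "STARTFTP", "STOPFTP",
    "STARTBOMB", "STOPBOMB", "SLEEP",
    # information / multi-host control
    "RASPWZ", "CACHEPWZ", "CUSER", "WDIR", "LISTPROCESS", "KILLPROCESS",
    "DONTDELETE", "INFECT",
]
# Longest names first, so a segment like "MSGSHOWhello" is matched as MSGSHOW
# rather than as some shorter name that happens to share a prefix.
_BY_LENGTH = sorted(MESSIAH_COMMANDS, key=len, reverse=True)


def parse_subject(subject):
    """Split a subject of the documented shape into (command, argument) pairs.

    Returns None when the subject does not follow the protocol: it must start
    with '+' and every non-empty '+'-separated segment must begin with a
    documented command name. The argument is whatever follows the name.
    """
    if not subject.startswith("+"):
        return None
    pairs = []
    for segment in subject[1:].split("+"):
        if not segment:
            continue  # tolerate a doubled '+'
        for cmd in _BY_LENGTH:
            if segment.startswith(cmd):
                pairs.append((cmd, segment[len(cmd):]))
                break
        else:
            return None  # a segment that is not a known command: not this protocol
    return pairs or None


def scan_subjects(subjects):
    """Return [(subject, [command names])] for every subject that parses."""
    flagged = []
    for subject in subjects:
        pairs = parse_subject(subject)
        if pairs:
            flagged.append((subject, [cmd for cmd, _ in pairs]))
    return flagged


# Constructed sample subjects: three modelled on the readme's own examples, three
# benign subjects containing '+' that must not be flagged.
SAMPLE_SUBJECTS = [
    "+CDOPEN+SLEEP+MSGSHOWhello+SLEEP+CDOPEN",
    "+DONTDELETE+MSGSHOWhello",
    "+STARTKL",
    "Re: C++ question about operator+",
    "Meeting for 10+ people",
    "+1 for the proposal",
]

if __name__ == "__main__":
    for subject, cmds in scan_subjects(SAMPLE_SUBJECTS):
        print(f"flagged: {subject!r} -> {cmds}")
```

 The rule deliberately requires every segment to start with a documented
 command, which keeps ordinary subjects that contain "+" ("C++", "+1") out of
 the alerts. Its blind spot follows from the protocol itself: an argument
 that contains a "+" (for example inside an MSGSHOW message) splits into a
 segment that is not a command, so that subject is not flagged; relaxing the
 rule to "most segments are commands" would trade that miss for more false
 positives.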



 Uninstall
-----------

 The simplest way is sending a command to the server: +REMOVE
 Or you can remove the server manually:
 delete the registry entry JYService from the registry key:
 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
 Then you must delete the file: C:\WINDOWS\SYSTEM\J4YSRV.EXE
 or C:\WINDOWS\SYSTEM\WINAPI.EXE or C:\WINDOWS\SYSTEM\MAPISRV.EXE
 The configuration of the server is in the registry, too:
 HKEY_LOCAL_MACHINE\Software\Spy
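 The Uninstall section, together with the keylogger note above, lists every
 host artifact this readme names: the JYService entry under RunServices, the
 three filenames the server copies itself to, the configuration key
 HKEY_LOCAL_MACHINE\Software\Spy and the WINA386.DLL keystroke log. The
 following is an added example (not from the readme or the trojan) that checks
 a Regedit-format export and a SYSTEM-directory listing for those artifacts
 offline; the sample export and listing are constructed, and all function
 names are the example's own.

```python
import re

# Added example (not from the readme or the trojan): an offline indicator check over a
# Regedit-format export and a SYSTEM-directory listing, using only the artifacts the
# readme's Uninstall section and keylogger description name.
RUNSERVICES_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"
RUNSERVICES_VALUE = "JYService"
CONFIG_KEY = r"HKEY_LOCAL_MACHINE\Software\Spy"
DROPPED_FILES = {"J4YSRV.EXE", "WINAPI.EXE", "MAPISRV.EXE"}
KEYLOG_FILE = "WINA386.DLL"

_KEY_LINE = re.compile(r"\[([^\]]+)\]")
_VALUE_LINE = re.compile(r'(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)')


def _decode_data(data):
    """Unquote a REG_SZ literal (backslash and quote escapes); leave dword:/hex: data as-is."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return data


def parse_reg_export(text):
    """Parse REGEDIT4 / 'Windows Registry Editor Version 5.00' text into
    {key path: {value name: data}}; the default value is stored under '@'."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.upper() == "REGEDIT4" or line.upper().startswith("WINDOWS REGISTRY EDITOR"):
            continue  # file header
        m = _KEY_LINE.fullmatch(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.fullmatch(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            keys[current][name] = _decode_data(m.group(3))
    return keys


def find_indicators(reg_text, system_dir_listing):
    """Return a list of findings (strings); an empty list means nothing matched."""
    findings = []
    # Registry paths and value names are case-insensitive, so compare lowercased.
    keys = {k.lower(): v for k, v in parse_reg_export(reg_text).items()}
    for name, data in keys.get(RUNSERVICES_KEY.lower(), {}).items():
        if name.lower() == RUNSERVICES_VALUE.lower():
            findings.append(f"RunServices entry {name} -> {data}")
    if CONFIG_KEY.lower() in keys:
        findings.append(f"server configuration key present: {CONFIG_KEY}")
    for fname in system_dir_listing:
        upper = fname.upper()
        if upper in DROPPED_FILES:
            findings.append(f"dropped server binary: {fname}")
        elif upper == KEYLOG_FILE:
            findings.append(f"keystroke log file: {fname}")
    return findings


# Constructed sample input: a .reg export of the two keys and a SYSTEM directory
# listing from a hypothetical infected machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"JYService"="C:\\WINDOWS\\SYSTEM\\WINAPI.EXE"
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Spy]
"Port"="2000"
'''
SAMPLE_SYSTEM_DIR = ["KERNEL32.DLL", "winapi.exe", "WINA386.DLL", "USER32.DLL"]

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_REG, SAMPLE_SYSTEM_DIR):
        print(finding)
```

 On a real machine the two keys can be exported with `reg export` (for
 example `reg export HKLM\Software\Spy spy.reg`) and the listing taken from
 the Windows SYSTEM directory; the check is read-only, so it can be run before
 deciding whether the manual removal steps above apply. The RunServices value
 is the most useful indicator, because it also records which of the three
 random filenames this installation chose.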

-=|R|S|C|=-


Server:
port: 2000 TCP

MegaSecurity