by Umbra
Client is written in C++, server in Delphi
Released in December 2001
Made in Germany
Schneckenkorn V1.0 ================================================================================ "Schneckenkorn" is a trojan horse based on TCP/IP. -------------------------------------------------------------------------------- The server uses port 1218 for communication and port 1219 for file-transfer. You can test, if there's a server active on your system by using "netstat -a". To clean up an infected system - use the uninstall feature in the client-program. Schneckenkorn is able to fight some firewalls: - Norton Personal Firewall 2001 # tested with version: 2.5.30 - ZoneAlarm # tested with version: 2.1.25 This feature is only BETA - so don't be sure that it will always work ! Important: You mustn't use "Schneckenkorn" for any illegal activities ! Read your local law and stick to it. It should be possible to encrypt the server-exe-file with tools like AsProtect, AsPack, etc - this could be a way to use Schneckenkorn even if it is recognized by the heuristic search engine of an anti-virus program. Schneckenkorn was developed unter Win98 - it should work on other versions too. For any direct as well as indirect damages caused by the program itself or it's usage, the author will not take any responsibility ! I only provide a mean to demonstrate a security hole - you are allowed to use it, but you also take full responsibility. The language used in this program could make you think Schneckenkorn was a trojan horse, only developed to hack other users and cause harm. In spite of this, I only use such expressions because they are very easy to understand - this program is only a demonstration of a security hole !!! A last thought: Don't mess in other user's data - if you use this trojan to fight childporn, nazi-propaganda and similar shit, I also won't take any responsibility - but you can be sure to get my respect and THX !!! ;-) -------------------------------------------------------------------------------- (c) Umbra Client: port: 1219 TCP Server: dropped file: C:\WINDOWS\WINSYS32.EXE size: 556 KB port: 1218, 1219 TCP startup: HKLM\Software\Microsoft\Windows\CurrentVersion\RunMegaSecurity