by Da
Written in Visual Basic
Released on October 26, 2001
********************************************* * Version 1.5 * * Mega Security Edition * * 26/10/2001 * ********************************************* There's only 1 version of unify 1.5 That's The mega security version... It's delicated to Mr Rat for all the hardwork he has put into his site It's an added feature.. that is it's able to download a file from the net and execute it.. So you can use it as a webdownloader to load a bigger trojan up There will be no more unify after this version, unless someone take the code and work on it that is... Thank you da ___________________________________________________________________________________________________________ In all versions i've nv mention any credits.... Well..since unify is comming to an end..If there's someone i have to thank, i'll thank nexzus Unify was made possible base on part of Nexzus's Ashley trojan. .not a lot.. but about 15% of unify scr is from nexzus.. I would like to thank him for his source code for Ashley Trojan There's also 2 person i would like to greet: MR Rat and WHY I finally felt how WHY feel when those bastards start flaming him... and i admire his work a great deal... One of the best trojan coder out there ___________________________________________________________________________________________________________ ********************************************* * Version 1.4 * * 26/10/2001 * ********************************************* You bastards are so god damn paranoid.... Well Here it is... Many people compain that unify server pass through other servers.. hypermary projectn etc.. I told them that it was for email notification.... Your bloody emails dun come from nowwhere... then u bastards say that oh... email is 25.. bull shit ...... Didn't anyone hear of cgi remailer..... Well... i'm god damn pissed.. This is probably my last version of unify.... and i've made it open source... You people can jolly well fix any bugs you like..There'll be no longer any such thing as enter ur email and viola you get ur notification.. Now i've remove all the email jobs for you.. You have to set up ur own remailer...I've included FormMail 1.6 by Matt Wright You now have to find ur cgi host....setup FormMail... then enter your own remailer cgi url into the section "FormMail URL" The source code can be found in http://groups.yahoo.com/group/unify_Victims under the files section.. Stop bitching about stealing ur victims... That's all .. Should there be a new version... it'll be a much much longer time.. unlikely i'll work on unify much longer.... For those of you who dun have vb or duno how to program...... here are the compile exe...... I've taken all precautions now............unify dun connect to any shit other then ur server.. u mess up ur problem... fix it urself... I've also remove the auto update feature.... manage to trim down the server size...... You can send multiple email notification too.. in the email..just seperate the emails address by commas..... Email 2 was working a few days ago and it was a novel idea to get your emails... But blackcode seems to patch it ... so email 2 is probably out.. Well..i'm not going to fix it......... if you want.. you can fix it yourself... That's all............ Should someone take my code and improve on it.. drop me a note plz.. Thanks da Fuck fdex, slipk who are so paranoid bastards.. Worst of all... fuck rezmond...... ********************************************* * Version 1.3 * * 22/10/2001 (nite 11pm) * ********************************************* Okay man.. 2 release in the same day..... Just had some inspirations......added 1 new email notify under "Email 2" section This makes use of some mailing list on the net... This is how it works.. First get a domain that you own that has an option to forward all emails with wrong alias to a single mail box.. eg@great.com will be forward to [email protected] etc.. A good choice will be a cjb.net domain cos it's free and allow you to forward <anything>@your.cjb.net to any email address Now when unify trojan starts.. it'll attempt to notify you via mailing list (Blackcode or yahoo mailing list) it'll email in the form _ _ _ @yourdomain.com Eg: [email protected] the email will then be forward by cjb.net to a single mailbox which you specify... by looking at where the mailing list is send to... you can know the ip etc... If you duno what i'm taking about.. forget about this option.... treat it as if it doesn't exist..Do not email me asking for help or what so ever.. I'll just ask you fuck off... Blackcode is working and yahoo should be working (i hope) I'm thinking of adding an irc option in.. but i do not have to time to code anymore.. anyone want to help me just email me ... must be in vb.. and no winsock.ocx...... That`s about all..... Any of you all created your own notification out there (cgi or remailer or wat soever.. just send me the protocol and I'll implement it in the next version) Join the discussion group at http://groups.yahoo.com/group/unify_Victims to be notify of new updates Watch for version 2.0 (if i'm going to release it that is... might quit halfway....) DA [email protected] ********************************************* * Version 1.2a * * 22/10/2001 * ********************************************* Fixed a small small bug...... 1.3 will be ready in a few days ********************************************* * Version 1.2 * * 21/10/2001 * ********************************************* Brush up the interface a bit... Added more auto startup... now it's 3 timers harder to remove the trojan for beginners... Fix a bug... Email notification speed up That's all Greetz: Rezmond: You sux.... ********************************************* * Version 1.1 * * 20/10/2001 * ********************************************* Nothing much here.. just fix a slight bug... Added an email notification.. you do not need to fill in an smtp server.. I've taken care of the hardwork for you lazy dicks..... Added a nicer about box... Added GrcSux support.... Rezmond still sux anyway.... That's all ********************************************* * Version 1.0 * * (Debute version) * * 18/10/2001 * ********************************************* As we all know nowadays trojan notification isn't getting any reliable.. esp with icq... That's why people came up with cgi...It's pretty good.. But the problem is that not all trojan comes with cgi-notification.. Well..I came up with this concept call unify.. For now it's just at the beginning stage... It promises to unify all notification methods..... For now in version one.. it can notify via Sub7 cgi logger and icq... So you can just setup sub7 cgi notification and use unify to create an exe wich will work with sub 7cgi.. Then bind it with ur trojan.. it'll now auto notify you via icq and sub 7 cgi..This works for all trojan.. All the fields in the configuration is needed to be filled URL: The url of ur sub 7 cgi.. eg http://fuckme.com/subseven.cgi Trojan name: For personal record to keep track of the various trojans eg y3k, bionet, mooskucker etc Port: The particular port for that trojan trojan password: this is the password for ur trojan suib 7 cgi password:: This is the password for the sub7 cgi.. if u did not password it, fill in 00000 ICQ: Yeah.... u know what is it... There's also and autoupdate feature to make sure that it stays detected.. (But i dun think i'll update it.. it's just for fun) This prog does nothing except for notify via icq and sub 7 cgi *********************************** * Upcomming in version 2 * *********************************** In version 2 which will be release later: -SMS notification -HatAttack Online server list addition (if their server is up that is) -Y3k Online server list (if their server is up that is) -Moosucker online server list (DEAD??) -Email notification -Forum notification (YaBB and UBB ) -Various major guest book notification (Yahoo .. lycos etc) -Irc notification... -Anti Rezmond Routine (Auto remove bionet if dected ) -anything else just send ur ideas to me All these will be implementated if i get about releasing it that is REzmond. what a fucking brat Actually i didn;t really intent to go int the trojan coding scene... just that i was thinking..rez is wat a brat... wat a fucker.... heh....So i dun have a webpage or any shit.. this is probably my first tool specially for trojaners.... and probably my last except for version 2... so i guess i didn't really pay much effort to this..thus u see the gui sux.. and it's coded in vb etc..Adios I'm going to get u rez ;) For all u lamers trojaners out there... Dun bitch me about anything..Dun email me about anything wrong for u etc..Dun even contact me at all... I only welcome feedback, bugs reports, ideas.. and sponser like $$$ etc...(I want a webhoster if anyone can support... but i'm lazy to build a webpage anyway) Attached is a screenshot.jpg that shows the typical screen shot of ur subseven cgi when use with unify. I might make this shit open source in the future... cos i dun really think the trojan scene is worth staying too long...I'm here for the experience...... so if anyone want to carry on the project... just post a msg at http://www.sotmesc.org/gcms/trojans/bbindex.html da
Server: dropped file: C:\WINDOWS\SYSTEM\MsFix.exe size: 57.344 bytes startup: HKCU\Software\Microsoft\Windows\CurrentVersion\Run "MsFix.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Run "MsFix.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "MsFix.exe" HKCU\Software\Mirabilis\ICQ\Agent\Apps\ "Path"MegaSecurity