Written in Delphi

Released in january 1999

Made in Russia

Shtirlitz 2.17 from General Failure
--------------------------------------

Shtirlitz can send victim's passwords and other stuff entered in 
windows with "secret field" (e.g. "Passwords: *******") to 
your email. Shtirlitz consists of 2 files: 
MSTConfig.exe   ---  configurator program
shtirlitz.exe        ---  trojan (should be sent to victim after configurating).

You may configurate shtirlitz.exe to your email and needed SMTP server
through which mail be sent (you may use default)... Run MSTConfig.exe
and press "Open EXE...", then open shtirlitz.exe and enter in the field 
"EMail Addr" your email address (I may use your real own mail box -
nobody will see it, it'll be encoded in shtirlitz.exe), connect to internet,
enter SMTP server's hostname and press "Lookup IP" - IP address of SMTP 
server will appear instead of hostname (you may write IP if you know and
don't connect to Internet to look it up). Then press "Save data", "Quit".
Now your Shtirlitz.exe is configured. You may rename it and send to victim.
Please, don't try to attach Shtirlitz to any executable file - it won't work! :(
version 2.17 doesn't allow to attach to exe files with for example SilkRope.
You may rename shtirlitz exe to any name you like.

Once infected victim's windows will allway run Shtirlitz and it'll try every
3 minutes to connect to SMTP server and send detected passwords (method of
detection is the same as in GF) to your email.

Good luck!

GF.


Server:
c:\windows\Spool64.exe 

size: 27 KB

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "TSpool"