by starlight2003
Written in Visual Basic
Released in January 2005
-----------------
MSN Spy Lite v1.0
by starlight2003
-----------------
Logs the following details and saves them to localhost:
- Email Address
- Nickname
- User status
- Unread Mails
- Service ID
- Received Files Dir
- Contact List
- Contact History
Server Builder:
- Install Name: Filename to install in sysdir, leave out extention.
- Reg Value: Reg value to create for startup.
- Log Folder: Folder to create in <sysdir> to save logs.
Logs are saved in following two files, which means
you only need to download two files periodically
with your favourite trojan horse.
msnlog.log [contains all conversation logs]
contacts.log [contains all user contacts]
- Settings are encrypted.
- How to remove:
Delete <regvalue> you specified in registry by searching for it.
Delete <sysdir>\<install name> you specified.
Delete <sysdir>\<offline log> folder you specified.
- Known bugs:
On some MSN versions you get empty contact list and contact history,
this sometimes happens if user is not logged into msn when the program
starts.
Tested on WinXP.
Beta testers:
th3killer
StafraK
vito
flowby
Credits:
Editserver example and example of using msn api by Alchemist.
Skin by unknown.
starlight2003
Server:
dropped files:
c:\WINDOWS\system32\%servername.exe% size: 15,430 bytes
c:\WINDOWS\system32\sysdir\contacts.log size: 22 bytes
c:\WINDOWS\system32\sysdir\msnlog.log size: 239 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "%servername%"
data: C:\WINDOWS\System32\%servername.exe%
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "%servername%"
Type: REG_SZ
Data: C:\WINDOWS\System32\%servername.exe%
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MSMSGS"
data: "C:\Program Files\Messenger\msmsgs.exe" /background
tested on Windows XP
January 18, 2005
MegaSecurity