Theta 2.0
(Backdoor.Win32.Small.bj)

by Ghirai

Written in Assembly

Released in October 2004



Theta is basically a 6.4 Kb cmd server. Might seem much for just a cmd server,
but it's so big because of 9* compatibility (I mean injection, read technical details).

What is a cmd server you ask? Well, it's a server, that enables you to have access to another computer's command prompt,
which is often all you need, because from there you can do anything (providing you know basic DOS commands);
you can even download and run a file from the Internet.

Theta 2 key features:
- it's written 100% in assembly (server and server builder), resulting in small file size, low memory print, and high speed.
- it's not bloated by unnecessary features.
- ability to password-protect a server
- reverse connection (for servers installed on systems behind routers/proxies/etc).
- it uses an injection method that isn't very common, so that, once installed, the server can not be removed,
  unlike the standard dll injection techniques you will find in most other RATs.
- the server is highly configurable.
- you can connect to your server from any operating system that supports TCP/IP and has a terminal.

You can also use it as a back door to a back door, in case your other RAT gets detected/removed/whatever.
Theta will make sure you always have access to the box.

Requirements: The package (server and editor) will run without any problems on any 386 and up processor,
with at least Win95, and Winsock 1.1 or higher.

It accepts an unlimited number of clients, and features reverse connection, ICQ and PHP notifications.

What's New in Theta 2
Theta 2 (compiled in August 2004 - released in October 2004)
- added reverse connection
- added password protection
- changed CGI notification to PHP
- improved some error handling and memory leaks
- other minor server tweaks

Ghirai


dropped file:
c:\WINNT\system32\theta_server.exe

size: 9.728 bytes
 
port: 51086 TCP 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "theta"
data: theta_server.exe 
	
tested on win2000
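
A defender's check for the indicators listed above, as an added example that is not part of the original page: it parses the text output of `reg query` on the Run key and of `netstat -ano` for this sample's Run value, file name and port. The sample outputs are constructed, and because the server is builder-configurable and supports reverse connection, a clean result does not rule out a differently configured build.

```python
import re

# Indicators copied from the sample analysed on this page. The server is
# builder-configurable, so other builds may use different names and ports.
RUN_VALUE = "theta"
RUN_DATA = "theta_server.exe"
PORT = 51086

# Constructed sample output (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VendorAgent    REG_SZ    "C:\Program Files\Vendor\agent.exe" /start
    theta    REG_SZ    theta_server.exe
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135      0.0.0.0:0    LISTENING    884
  TCP    0.0.0.0:51086    0.0.0.0:0    LISTENING    1520
  TCP    10.0.0.5:51086   10.0.0.9:445 ESTABLISHED  4
"""

def match_run_key(reg_query_output):
    """Return findings for Run values whose name or data matches the sample."""
    hits = []
    for line in reg_query_output.splitlines():
        m = re.match(r"\s+(.+?)\s+(REG_\w+)\s+(.*)$", line)
        if not m:
            continue  # key header or blank line
        name, data = m.group(1), m.group(3).strip().strip('"').lower()
        if name.lower() == RUN_VALUE or RUN_DATA in data:
            hits.append(f"Run value {name!r} -> {m.group(3).strip()}")
    return hits

def match_listener(netstat_output):
    """Return findings for TCP sockets listening on the sample's port."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(PORT):
                pid = f[4] if len(f) > 4 else "?"  # PID column needs -o
                hits.append(f"TCP listener on {f[1]} (PID {pid})")
    return hits

if __name__ == "__main__":
    for finding in match_run_key(SAMPLE_REG) + match_listener(SAMPLE_NETSTAT):
        print(finding)
```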

MegaSecurity