bwaqas Posted July 30, 2005

Has anyone heard about this trojan? The details of this Trojan are:

KBD Program was invented at the end of 1999. It has been used to control many web servers & IT computers. At the end of 2001 the program was served on personal computers. Now it has passed many Trojan programs like Sub7, Netbus & so on, because the program captures any computer without sending any file. It uses ActiveX technology for Windows systems. For Linux systems it is using normal jar files, & when the program infects Linux systems it cannot be stopped by the system administrator, & it is the first Trojan for cellphone systems. We put some limits on this program to prevent some potential dangers.

The abilities of this program are shown below:
- You can access the file system of the infected computer.
- You can zip or extract any file on the host's computer.
- You can access any computer behind a proxy or behind any network.
- You don't need to know what IP address the infected computer is using.
- Not being identified through the applet.
- You can capture any packets that are on the local network or local computer.
- You can send fake mails & can mail bomb any user on any POP3 or web server.
- Protocol resolvers.
- Encrypted chat.
- You can
- You can send fake UDP packets on behalf of any IP address.
- You can capture computers which are not only Windows machines (Linux, Macintosh, Solaris, cell phones etc... Java supported platforms).
- Firewalls cannot detect the connections on applets.
- For now, it cannot be detected by any anti-virus program.

Restrictions of the program:
- Skipping Virtual Machine security
- Jumping any firewall's security
- Infecting the local network like a virus (NETBIOS only)
- Detecting the telephone number of a user who is using a modem connection

System requirements for good performance:
- 700 MHz CPU
- 128 MB RAM

The Client mustn't be behind a proxy or behind a network. If the client is behind a network or behind a proxy, the user must use the Bridge program. We will explain the usage of the program later.

The usage of the program:

When you extract the files in the KBD.zip file, there will be at least 8 files in it. All the file names are shown below:
1-) KBDClient.jar (Client part of the program)
2-) Winpcap.exe (plug-in that must be installed for the Client)
3-) Macromedia.class (Server part)
4-) tt2.html (Server part)
5-) tt.html (Server part)
6-) index.html (Server part)
7-) RegistryAPI.class
8-) Monk.class

If you don't have Sun Java 2 Virtual Machine 1.4 or higher, you must first install the Virtual Machine in order to use the KBD Client & protect your system from Vandals. It is more secure than the Microsoft Java Virtual Machine. I am giving you the Java 2 Virtual Machine link, which you must have: http://www.czilla.org/DOWNLOAD/j2re-1_4_0-win-i.exe

After you have installed the Virtual Machine, extract the KBD.zip file, then first execute the winpcap.exe file & install it on your computer. The file named KBDClient.jar is the Client file. JAR files work like exe files for Java; they are interpreted by the Java Virtual Machine. Extract the KBDClient.jar file and double click on it. The program should open within 5-15 seconds. If it doesn't open, you must restart the computer & try it again. If you have restarted your computer and the jar file is still not working, you must do some DOS work :))

---IF THE PROGRAM DID NOT WORK ON DOUBLE CLICKING IT---

C:\WINDOWS>_

For example, the KBDClient.jar file is in the C:\KBD directory, so we apply these commands:

--COMMANDS--
C:\WINDOWS>cd..
C:\>cd KBD
C:\KBD>java -jar KBDClient.jar
--END OF COMMANDS--

WARNING: the command "java -jar KBDClient.jar" is case sensitive; do not write KBDClient.jar as kbdclient.jar or KBDCLIENT.JAR!

After you have successfully run these commands, this message will appear on the DOS screen:

JVM Invoked. Please wait...

If an error message like this appears:

Exception in thread "main" java.lang.NoClassDefFoundError: KBDClient

execute the program by using this command: "java -classpath . -jar KBDClient.jar". Then the program will start to work within 5-15 seconds.

----END----

We have learned how to start the Client file. Now I am explaining to you how to configure the Server file:

Open the KBD Client, then at the top menu click on Edit, then click on Edit HTML. You will see a new dialog. This dialog encrypts your IP address & ports in the HTML file so the victim cannot see your IP address & other important configurations in the HTML code.

Your ip address: You must enter your current IP address in this place.

Select port: You must give a number between 1-65535. I recommend you use a number between 1024-65535 except number 80. Ports 80 and 8080 are recommended to use. Remember the number you have given; you will use this number later.

Redirect to: After the user goes into the web site, which website will the user go to? Example: http://www.google.com. When the user goes to your website, he/she will be redirected to http://www.google.com.

Auto Control URL: This is the best ability of KBD Vandal. If you have a static IP address, AutoController can be disabled; if you are using a dial-up modem or dynamic IP address, you can enable AutoController. If you enable it, the TextField will also be enabled. You will write a URL (website) in this TextField. This URL can be controlled by yourself. For example, your website is: http://www.geocities.com/tr_melis. You can write in the TextField: http://www.geocities.com/tr_melis/Control.txt or http://www.geocities.com/tr_melis/AAA.txt or http://www.geocities.com/tr_melis/PPP.dat; it is your choice what file you want to use.

What is that? Why do we use this URL? You will enter your computer's current IP address into these files. Whenever the victim connects to the internet, they get your current IP address from this website & they try to connect to your computer. They look at this URL every 2 minutes until you have connected to them.

WARNING: You must write your IP address when you want to connect to the user & AutoController is selected as true.

By using this technique, although you have a dynamic IP address, you can catch the victim any time he/she is connected to the internet.

After you have done all the configurations, click on the Convert button, then the encrypted code will appear in the text area. Select all the code, then press the Ctrl+C keys to copy the code, then paste this code into the tt2.html file by opening tt2.html in Notepad. Then send these files to your website:

tt.html
tt2.html
index.html
Macromedia.class
Monk.class
RegistryAPI.class

For example, your website is: http://www.geocities.com/tr_melis. Send these files to this website's main site, then open the KBD Client. At the top of the menu click on Edit, then select the Connect option. Select your mode as "Super Devastator", write the port which you have given in the server configuration & click on OK. Then send your victim to this web site.

When the victim enters your website, the user name of the victim & the IP address of the user will appear in the right-hand list. Anyone who enters your website will be added to the list on the right. When you want to enter the victim's computer, right click on the user which you want to connect to, then click on "connect this host". After you have connected to the user's computer, the left side of the program will show the victim's computer, and the right side shows yours. Now you are ready to control the user's computer.

If you want to transfer files (download, upload), you can do it by using the drag & drop utility. If you want to make faster downloads, you can do it by compressing files on the host's system before downloading them directly. You can zip and unzip files by right clicking on the file on the left side.

If you are under a proxy or behind any network, you must use Bridge in order to use KBD Vandal. You can also use BridgeW in order to use someone's (victim's) computer as a proxy.

From now on, try to solve other things by yourself. I have no time to explain more & more functions of the program. If you have any problems connecting to people's computers, try using AutoController disabled.

Have fun ;o)

KADIR & KERIM BASO
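The "Auto Control URL" mechanism described in the post above has a side effect a defender can use: the infected host fetches the same small file on a fixed two-minute cadence for as long as it is online. The following is an added example, not code from the thread or from the KBD program, that runs that check over constructed proxy log lines; the log format, the `find_beacons` function and the `example.invalid` URLs are assumptions made for the example.

```python
"""Flag client/URL pairs fetched on a near-constant interval in proxy logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines (not from the thread): timestamp, client, URL.
# 192.0.2.10 fetches one small text file roughly every 120 seconds, which is
# the polling behaviour the post attributes to AutoController.
LOG_LINES = """\
2005-07-30T10:00:05 192.0.2.10 http://example.invalid/tr_melis/Control.txt
2005-07-30T10:00:40 192.0.2.11 http://example.invalid/news/index.html
2005-07-30T10:02:06 192.0.2.10 http://example.invalid/tr_melis/Control.txt
2005-07-30T10:03:15 192.0.2.11 http://example.invalid/news/story.html
2005-07-30T10:04:04 192.0.2.10 http://example.invalid/tr_melis/Control.txt
2005-07-30T10:06:05 192.0.2.10 http://example.invalid/tr_melis/Control.txt
2005-07-30T10:08:07 192.0.2.10 http://example.invalid/tr_melis/Control.txt
2005-07-30T10:09:00 192.0.2.11 http://example.invalid/news/index.html
"""


def parse_lines(text):
    """Yield (timestamp, client, url) tuples from the constructed format."""
    for line in text.splitlines():
        ts, client, url = line.split()
        yield datetime.fromisoformat(ts), client, url


def find_beacons(text, period=120.0, tolerance=0.15, min_hits=4):
    """Return [(client, url, mean_interval)] for pairs whose fetch intervals
    cluster tightly around `period` seconds (relative spread <= tolerance)."""
    seen = defaultdict(list)
    for ts, client, url in parse_lines(text):
        seen[(client, url)].append(ts)
    hits = []
    for (client, url), stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # too few requests to call it a cadence
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Regular cadence: mean near the period and little jitter around it.
        if abs(avg - period) <= tolerance * period and pstdev(gaps) <= tolerance * period:
            hits.append((client, url, avg))
    return hits


if __name__ == "__main__":
    for client, url, avg in find_beacons(LOG_LINES):
        print(f"{client} polls {url} every ~{avg:.0f}s")
```

Ordinary browsing (client 192.0.2.11 above) does not produce a tight cadence and is not flagged; tune `period` and `tolerance` to the interval you expect.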
alexander Posted July 30, 2005

I am very skeptical about this. Windows, I won't argue, but Linux and Mac I will. Perhaps you don't know how anal Linux and BSD people are about the security of their OS; I'm sure that there was a patch a few days after the release of the virus that blocked at least some of its effects, and there have been a lot of patches to the JRE as well, so I'd be really surprised if it still works. Oh, and lastly, .jar files are not something common on any of my systems, so... But perhaps the most skepticism is towards the "administrators can't disable the effects" part of that; perhaps the writers do not know the OS all that well, but in Linux root is God and can do anything and everything, and there is no greater power than root. Plus it might work on OS 9, but I'll be very surprised if it was anywhere near working on OS X; it is a completely different and new OS that is BSD-based, and is the most secure OS, or one of the two, of 2004. And I wonder whether it affects the Blackdown Java engine...
C1ay Posted July 30, 2005

> For the Linux systems, it is using normal jar files & when the program infects on Linux systems, it cannot be stopped by the system administrator...

It would need root access to accomplish this, so only those with root access like the system administrator could even install it. It looks like some script kiddy's imagination to me.
Turtle Posted July 30, 2005

Thanks Alexander & C1ay! This is the kind of stuff that I don't understand & yet it fuels my paranoia to the point that I might delete all my graphs on this machine because I thought somebody is having their way with them. I have done so before for less.

You Kadir Basol Devastator guys better step off! :)
alexander Posted August 1, 2005

Here is the best way to protect your box from all of this stuff:

Way #1: dismantle your machine, and bury all the pieces 2 miles beneath the desert floor, each attached to motion, temperature and vibration triggered nukes.

Way #2: for those that still need to use their computer and just can't resort to way one:
1) trash Windows and set up a Gentoo stage 1 install with the SE patch set, a properly set up firewall and preferably as few services running as possible (ssh should be fine, as long as you set up public key / private key)
2) don't be stupid and open random email attachments from anyone
3) update your box every day
4) run 3-4 rootkit sniffers
5) redownload and rebuild core system packages completely with a cron job, every week
6) oh, and keep track of md5 sums on your other built packages and check those once a week to make sure nothing is compromised

> It would need root access to accomplish this so only those with root access like the system administrator could even install it. It looks like some script kiddy's imagination to me.

Well, one, it might have a rootkit that comes with the package, so the root access problem will be solved, or two, I think that it might try to use improperly set up privileges to try to accomplish its installation tasks, once again bypassing the security measures. But in both cases, it is your fault to get infected, as most Linux machines don't have many running services, so the only way for the virus to make it into your system is by the user downloading it him/herself and running it; chances are that you'd be told to run it as root, in which case the program uses the biggest system vulnerability, which is people. Oh, and I still stand by the fact that system admins can do things to kill the virus; worse comes to worst, removing and reinstalling the Java runtime environment should fix the problem... (oh, and here you strike nothingness with servers, as most don't run Java anyways, so... I'll stand by what I said in my other thread and say that if you want to get into someone's computer, why don't you learn to do it the real way, confined only by your imagination, not through a program that confines you in a small, black box that you can do nothing to...)
nemo Posted August 2, 2005

> Has anyone heard about this trojan?

Yep.

> Now , it has passed many Trojan programs like Sub7 , Netbus & so on...

Nope. This little nasty wasn't quite as powerful as its creators had hoped. Turns out that if you have to specifically configure your machine to be as vulnerable as possible in order to infect it with this program, something better will have already 0wned the machine.

> It uses ActiveX technology for Windows systems. For the Linux systems, it is using normal jar files & when the program infects on Linux systems, it cannot be stopped by the system administrator & It is the first Trojan for cellphone systems.

We desperately need an emoticon of Smiley saluting a brown flag.

> - Firewalls cannot detect the connections on Applets.

This would be because they use the Force to communicate, as opposed to Internet Protocol?

> - Jumping any firewalls security

...in a single bound. It's because of the yellow sun.

> - Infecting on local network like a virus.(NETBIOS Only)

Many people consider NetBIOS to be a virus. I like to think of it as a welcome mat.

> System requirements for good performance : - 700 Mhz CPU - 128 MB Ram

Finally, a use for that Aptiva!

> The Client musn't be behind a proxy or behind network.

l33t.

> ---IF THE PROGRAM DID NOT WORK ON DOUBLE CLICKING IT---

...it has now achieved the "Designed for Windows" certification.

> From now on , try to solve other things by your self.I have no time to explain more & more functions of the program.

I'm putting this in the README file of the next program I write.
alexander Posted August 5, 2005

I really liked all of that reply; I just don't wanna spend hours typing in another similar response :) I'll just focus on this:

> I'm putting this in the README file of the next program I write.

Awesome, I hope you post it here, lol, the Readme that is ... :rolleyes: