BoSniffer is Really a Trojan
Reported August 31, 1998 by Ken Williams on NTBugTraq
VERSIONS AFFECTED
Windows machines infected with BackOrifice
DESCRIPTION
FROM KEN WILLIAMS, USED WITH PERMISSION:
I recently came across a program called "BoSniffer.zip" that the author
claims will "block key points in the registry from BO as well as search
for existing installs of the backdoor."
Close examination has revealed that
this is actually a BO server with the "SpeakEasy" plugin installed. If
you run "BoSniffer.exe", the BoSniffer executable (read: BO Server
Trojan w/ SpeakEasy) will "attempt to log into a predetermined IRC
server on channel #BO_OWNED with a random username. It then proceeds to
announce its IP address and a custom message every few minutes."
This program, "BoSniffer.zip", is currently being widely distributed as
a "cure for Back Orifice infections". It is probably being distributed
with other software packages and with other names too. Listed below are
relevant details about this program.
File Sizes (in bytes)
-----------------------
231068 BoSniffer.exe
108573 BoSniffer.zip
MD5 fingerprints and strings (checksums)
------------------------------------------
MD5 (BoSniffer.zip) = 2d75c4ac54b675778ff22f76f9a6a77f
MD5 ("string") = b45cffe084dd3d20d928bee85e7b0f21
MD5 (BoSniffer.exe) = 63748087b2e1598fcf34498b0295212e
MD5 ("string") = b45cffe084dd3d20d928bee85e7b0f21
Evidence that BoSniffer.zip is really BO Server with SpeakEasy Plugin:
---------------------------------------------------------------------
sector 0x028C38
irc.lightning.net:7000:Hey MASTER where are u!!!
sector 0x0303F0 - sector 0x0306D8
sector 0x031848
SpeakEasy.dll
sector 0x0318A8 - sector 0x031980
#BO_OWNED with IRC commands:
Own Me @ .NOTICE .JOIN #BO_OWNED host server :Owned USERNICK BO
.QUIT Psssst...Speakeasy was told to shut down
.NOTICE #BO_OWNED :Psssst...Speakeasy just started up
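An added example (not part of Ken Williams's post or the original page): a short Python triage check that compares a file with the sizes, MD5 values and embedded strings listed above. The function name, the UTF-16LE search and the sample bytes are assumptions made for illustration.

```python
import hashlib
import sys

# Indicators copied from the advisory above: name -> (size in bytes, MD5).
KNOWN_FILES = {
    "BoSniffer.exe": (231068, "63748087b2e1598fcf34498b0295212e"),
    "BoSniffer.zip": (108573, "2d75c4ac54b675778ff22f76f9a6a77f"),
}
# Strings the advisory reports inside the executable.
EMBEDDED_STRINGS = [b"irc.lightning.net:7000", b"SpeakEasy.dll", b"#BO_OWNED"]

# Constructed sample bytes (not the real file): padding around two strings.
SAMPLE = b"MZ" + b"\x00" * 64 + b"irc.lightning.net:7000" + b"\x00" * 16 + b"SpeakEasy.dll\x00"


def triage(data: bytes) -> dict:
    """Compare raw file bytes with the advisory's indicators.

    An exact hit needs both size and MD5 to match, whatever the file is
    called. The string search (ASCII and UTF-16LE, an assumption) flags
    copies whose hash differs; it will not see inside a compressed .zip.
    """
    digest = hashlib.md5(data).hexdigest()
    exact = None
    for name, (size, md5) in KNOWN_FILES.items():
        if len(data) == size and digest == md5:
            exact = name
    found = []
    for s in EMBEDDED_STRINGS:
        wide = s.decode("ascii").encode("utf-16-le")
        if s in data or wide in data:
            found.append(s.decode("ascii"))
    verdict = "known-bad" if exact else ("suspicious" if found else "no-match")
    return {"md5": digest, "exact_match": exact, "strings": found, "verdict": verdict}


if __name__ == "__main__":
    # Usage: python triage.py FILE [FILE ...]; with no arguments, run the sample.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, triage(fh.read()))
    else:
        print("constructed sample", triage(SAMPLE))
```

Because the post notes the program is probably distributed under other names, the exact match deliberately ignores the file name and relies on size and MD5 only.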