from the doc: Dial-Up Trojan ===> coded
by G3H3Nã '99 IE5 version I┤m no
responsible for what you do with this software, if
your girl-friend gets fucked, or if the world
ends!! I repeat, I`M NOT RESPONSIBLE!!! The
main purpose of this is to steal the UNIs (User
Network Identification), you know, the password
and username to acess the Internet of the victim.
The trojan is a bogus Dial-up window that imitates
the IE5 one, well you┤ll not note the
difference!!! I┤m planning to do the IE4 and
IE5beta ones but will see about that later! So,
you┤ll need to upload some files to the victim
computer. For you to upload the files the program
needs to run, the victim needs to be infected with
a backdoor like TheThing (by Blade), Subseven (by
mobman), BO, or Netbus,... with the upload and
spawn capabilities!! ** PLEASE READ THIS ALL
THIS TEXT BEFORE TRYING THE TROJAN ** It consists
in this files: - Neededfiles (This are the
files you have to upload to his c:windowssystem
directory to run the trojan!) - inf.ini [you
have to upload this file to his c:windowssystem
directory, if you don┤t do this the program will
not work!!] - DUT.exe (The trojan) What the
program does: The best way to understand how it
works is to try the trojan in your own
box! When you run the DUT.exe it will make a
copy of itself to "c:windowssystem" and stay
resident in memory watching for a connection, if
you're online and the number of the Day = Minute
then the connection will hangup and it would
appear the bogus dial-up window! Here the victim
(if you┤re trying yourself, then it would be you)
would put his Username and Password which will be
saved. When it hits "Connect" it would say "Could
not detect modem.It may be in use, turned off, or
not installed properly.", just like the real
thing! Then the victim will close the window
thinking thats something wrong with his dial-up
connection and try again with the real one! (Well,
if he doesn┤t try thats no problem at all, maybe
in the next day he will!) The next time the victim
connect it will not hang up!!! It will send the
emails to you with the info: ISP, UseName and
Password and delete all the traces of its
existence. If the victim doesn┤t fullfilled all
the info no e-mail will be sent! So that you┤ll
not receive only a username with no password or
whatever! If he doesn┤t fullfilled in the Username
and Password box and try to go online again it
will not hang up, only if he reboots and try to
connect again! This way if the victim ignores the
window it wouldn┤t hang up all the time! If the
victim was infected once by someone he can not be
infected again. This is because the trojan
generates a flag when the e-mails are sent, so
even if infected again it will not send the
e-mails to the other guy! When the victims box
is sending to you the e-mails with the info
(you┤ll receive 3 of them,one with the subject
"UNI==> Password:" which has the password,
another with the subject "UNI==> UserName:"
which has the UserName and another with the
subject "UNI==> ISP" which has his ISP.)
without his notice, (of course! :->), the
ctrl-alt-del and alt-esc will not work so the
victim can┤t break the tranfer!! :D (nice
feature!!). The trojan has some stealth modes too:
it doen┤t appear in the tasklist and in the
taskbar when he is in memory! When the trojan have
already sent the e-mails it will wipe all traces
of its existence! And next time the victim reboots
it will wipe automatically the main *.exe which is
in the "c:windossystem" directory. The file
"inf.ini" is very important coz thats where the
trojan will go find the info to where he would
send the info he collected: "mail to" and "ISP"!
If you open this file with notepad in the 1st line
is the e-mail that the trojan will send the info
to, in the 2nd line is the victim ISP, the ISP is
important coz thats the ISP that will appear in
the bogus dial-up window! So you should know
what┤s the victim ISP. So, before you upload this
file to his "c:windowssystem" directory change
the e-mail to where you want it send the e-mails
(probably your e-mail) and his ISP. * Note:
you can┤t rename inf.ini and you must upload it to
"c:windowssystem" !!! I┤ve released an
antidote to the trojan (dutwiper.exe) !! Well,
what he does is tell you if your infected or not
and if you are he cleans it for you!! Hope it
is usefull , well it is to me!! G3H3Nã
