D0ped - Malware Gallery

Informations

Author	Zeromatic
Family	D0ped
Category	Remote Access
Version	D0ped
Released Date	Sep 2002, 22 years, 2 months ago.
Language	Visual Basic

Additional Information

Server:
size: 184.320 bytes

port: 1661 TCP
 
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Rundll32"

Author Information / Description

d0ped Trojan is a client/server thing, running under any Windows9x or XP.
 The zip-file containing this textfile, also includes a setup file. 
 Install the packets, then walk through the Start/Program menu. You'll find
 a new menue called "Telhack Inc", whereunder you'll find the Client app.
 
 The server application is simply named "d0ped.exe" as default.
 As far as i know, CTRL-ALT-DEL (which - ofcourse - your'e able to disable:)
 list will display the EXE-name of the file as a running process.

 You might see this "trojan" as a later version of the "Rths"-trojan? 
 Well HECK it's not! This one is not to be controlled by any
 terminal session, it has its own client application. The d0ped Trojan
 also contain a lots of (new) amusing functions, for example:

 * Snoop on users Internet Explorer navigation
 * Edit filesystem
 * Process and hardware status
 * Constant change-of-system-wide-parameters status
 * Hide mousecursor
 * Very nice black textscreen function
 * A silly "Please Enter passwords:" function
 * Automatic search for Internet login/password
 * Desktop management
 * "Use 'Em": use the server to initiate a third session.
   (Use the target as a secound terminal).
   * Or initiate a hidden pingflood against.. anything. 
 * Desktop Management
 * Port- and Password Settings
 * A cute "incomming data"-textbox

 
 - Default port is: 1661
 - There is no password set as default.
 
Zeromatic