DUT

Overview

Vendor Description

 from the doc:
Dial-Up Trojan ===> coded by G3H3Nã '99
IE5 version
I'm no responsible for what you do with this software, if your girl-friend gets fucked, or if the world ends!! I repeat, I'M NOT RESPONSIBLE!!!
The main purpose of this is to steal the UNIs (User Network Identification), you know, the password and username to access the Internet of the victim. The trojan is a bogus Dial-up window that imitates the IE5 one, well you'll not note the difference!!!
I'm planning to do the IE4 and IE5beta ones but will see about that later!
So, you'll need to upload some files to the victim computer. For you to upload the files the program needs to run, the victim needs to be infected with a backdoor like TheThing (by Blade), Subseven (by mobman), BO, or Netbus,... with the upload and spawn capabilities!!
** PLEASE READ THIS ALL THIS TEXT BEFORE TRYING THE TROJAN **
It consists in this files:
- Neededfiles (This are the files you have to upload to his c:\windows\system directory to run the trojan!)
- inf.ini [you have to upload this file to his c:\windows\system directory, if you don't do this the program will not work!!]
- DUT.exe (The trojan)
What the program does:
The best way to understand how it works is to try the trojan in your own box!
When you run the DUT.exe it will make a copy of itself to "c:\windows\system" and stay resident in memory watching for a connection, if you're online and the number of the Day = Minute then the connection will hangup and it would appear the bogus dial-up window! Here the victim (if you're trying yourself, then it would be you) would put his Username and Password which will be saved. When it hits "Connect" it would say "Could not detect modem. It may be in use, turned off, or not installed properly.", just like the real thing! Then the victim will close the window thinking that's something wrong with his dial-up connection and try again with the real one! (Well, if he doesn't try that's no problem at all, maybe in the next day he will!) The next time the victim connect it will not hang up!!! It will send the emails to you with the info: ISP, UserName and Password and delete all the traces of its existence. If the victim doesn't fulfilled all the info no e-mail will be sent! So that you'll not receive only a username with no password or whatever! If he doesn't fulfilled in the Username and Password box and try to go online again it will not hang up, only if he reboots and try to connect again! This way if the victim ignores the window it wouldn't hang up all the time!
If the victim was infected once by someone he can not be infected again. This is because the trojan generates a flag when the e-mails are sent, so even if infected again it will not send the e-mails to the other guy!
When the victims box is sending to you the e-mails with the info (you'll receive 3 of them, one with the subject "UNI==> Password:" which has the password, another with the subject "UNI==> UserName:" which has the UserName and another with the subject "UNI==> ISP" which has his ISP.) without his notice, (of course! :->), the ctrl-alt-del and alt-esc will not work so the victim can't break the transfer!! :D (nice feature!!). The trojan has some stealth modes too: it doesn't appear in the tasklist and in the taskbar when he is in memory! When the trojan have already sent the e-mails it will wipe all traces of its existence! And next time the victim reboots it will wipe automatically the main *.exe which is in the "c:\windos\system" directory.
The file "inf.ini" is very important coz that's where the trojan will go find the info to where he would send the info he collected: "mail to" and "ISP"! If you open this file with notepad in the 1st line is the e-mail that the trojan will send the info to, in the 2nd line is the victim ISP, the ISP is important coz that's the ISP that will appear in the bogus dial-up window! So you should know what's the victim ISP. So, before you upload this file to his "c:\windows\system" directory change the e-mail to where you want it send the e-mails (probably your e-mail) and his ISP.
* Note: you can't rename inf.ini and you must upload it to "c:\windows\system" !!!
I've released an antidote to the trojan (dutwiper.exe) !! Well, what he does is tell you if your infected or not and if you are he cleans it for you!!
Hope it is useful, well it is to me!!
G3H3Nã

Alias

 Trojan.PSW.DUT

Category

 Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password.

 

Origins

 

Author

 G3H3Nã

Others By This Author

  Orion Hunter · WLH

Programming Language

 Compressed with ASPack.

Date of Origin

 May, 1999
 

Detection and Removal

Manual Removal

 Follow these steps to remove DUT from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

 


 
 
2006 © Copyright DatabaseofSpyware.com. All rights reserved.