
     
     Copyright me,  1999.

        :
     http://www.iskalka.com/stukach


 -    ,      --,     ,         (  ) .  ,          ,     .

    : -  -.    "StukSt.exe".         ,    -   ..    ,    ,   "Create Trojan". ,   "agent.bin",      ,   EXE- (  -  "RunMe.exe"  ),       .    .


***       "E-MAIL"  "SMTP SERVER"?

    -   (,    ),     ,            SMTP-,    IP-. ,           .

    (   ),    ,     .        ?   ,       IP-        -  ?     :

1.       ,       SMTP (   - "mail.hotmail.com",  Yahoo - "smtp.mail.yahoo.com";     ,   ).   SMTP       ,     25-    "smtp.thatserver.com"  "mail.thatserver.com".     "220- ESMTP server ready",    .

2.   SMTP     -  -       . (   Win98      "msconfig",    "StartUp",   Win95 - "regedit"-,   "HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run".       ,   "SysReq",       ).

3. Looks like fine?          ,        ,   .

4.   "RunMe.exe"  ,   . .  "".


***    

     ,   .   ,      .

       -- -  ,      -.      ,      " ".

",       ...        ! ,  ,  ,     !     ,       (     ,   ,      - ,   !),      ,     32        (           ...),         -   ,     ...  ,  ,      ...   ,  ,           ,        ."

     ,      "SEXSTORY.TXT(100 ).EXE"   ,  "TROJAN.EXE".

       ,       ,  http://www.hackzone.ru/alert/. 


***   :     

,             .  ,   -   . ,             99   2% .  .    ,              ,       .     ,   -   -  ,        -   , ?     ?

,      -           ,   .  -   -     ,     .     !       ,    .


***   

  ,             .      ,   -   ,       .   ,       .

:        ,       ,    ,     ,       .     Microsoft Visual C++  5.0 (  ). !!!     (!)   "Link Incrementally",            ,    .     !     "Project", "Settings...(AltF7)",    "Settings For"   "Win32 Release",    "Link",  "General",  "Link Incrementally".

 :     "Win32 Application",       ,      "MAIN.CPP" (Project, Add to project, Files...).

 ,    ,    -    ("a+b"  "a*1-(-b)"),  .   . 


***      (  )

"Your e-mail address", "Your SMTP server" -    ,       .    -  ,         "yourname@mailserver.com" ()  "smtp.mailserver.com"  "mail.mailserver.com" ( ).     ,       SMTP-.

"Show message", "Title", "Body" -     ,        .     ,  ,     .

"Run any EXE", "File to extract and start" -   ,     -    .        .  ,       , (. "Show message"),    ,   ,     .

 "Create Trojan" -  ,        .    "AGENT.BIN",     ,    ,     ,    ("RunMe.exe"  ).

 " Advanced " -  ,    :

"Value for run key" -    ,             "Software\ Microsoft\ Windows\ CurrentVersion\ Run".       .

"Value for storing text", "Value for number of lines", "Value for handle", "Value for counter" -     .  -   ,      .

"Look for connection each" -       .     ,    "pregnant".

"Send mail when have more than XXX lines of text" -    .  ,     ,    "pregnant".

"And at least once per day" -    ,     "pregnant"   ,   ,      .  ,            (,       ).

"Registry path for data" -     ,        (. "Value for storing text"  ).       ( Win95) ,       .

"Registry path for RUN" -  ,   "Software\ Microsoft\ Windows\ CurrentVersion\ Run".       "...\RunServices"       .

"Filename to copy agent into" -   ,       .       (  "C:\..."),      "Current".

"File to extract the attachment to" -   ,    EXE.      "Temp"    .

"Header" -    ,      .  ,   Subject,       .        ("\n")    .


***     (  )

 Start, Run,   "regedit"    .  Enter.      "HKEY_LOCAL_MACHINE",  "SOFTWARE",  "Microsoft",  "Windows",  "CurrentVersion",  "Run".   "SysReq" (         ).   . .


***       ""?

     .    ,     , ,     ,         ,           .  , ,             ,          -          . 

  ,        ,        -?      ,                ,    PWL,       .       ,             .      : "G8Kuw7765uD6".  !!!      ,     .       ,       .

 ,  ,    ,            : "!!! !!!     !!!".         ,      - "!!! !!!     !!!".       ,     .  ,  ,      ,    ,      ,     - .       ,     ""     :

- ?!!    ?
-  !!!
- '.     .  ?
- !!!
-   ?
-     -.
- .   - ...
- !!!   !!!  -  !!!
-       ?
-     -...
-  ?
-       ,   .
-  ?
- "- --".
- ,       ?
-       ,     , .
-     ,  !
-   ?
-  !!!

(      ,         )

- --. -. --. -. -, , ---...
- , .        ,   ?
-     -   !!!    !!!  ,  ,     !!!

(      )

- ,    ,      .
-  Enter .
-   .
-       ?
- - ---.
- .      ,     "username"?

(   -      ,   )

- .
-      -  - "alex".

(   -      )

-      ,     "password"?
- .
(     .)
-          .
-        ,        .
- ?
-   !!!

   ?   ,  ,     .

  ,  ,     !  ,     ,     ,       ,      ! (    ,       ,  ""   - ,  ..,           ,      :).


***    

        :

Web: mail.beer.com
Smtp server: mail.beer.com
Note: Best server on this page, free POP3 available.

Web: www.hotmail.com
Smtp server: mail.hotmail.com
Note: I recommend to avoid this server. (All your mail and personal info open to everybody). Also, it register and save your IP address. Currently, it requares JavaScript, so anonimizers and proxies theoretically can do not help.

Web: inbox.ru
Smtp server: smtp.inbox.ru
Note: Looks like extreemly slow. Russian language only.

Web: www.myownemail.com
Smtp server: mail.DOMAINYOUCHOOSE.com
Note: Not bad. This service gives you the choice of 200 different domains, so your SMTP server name depends of your domain name. I choose a domain starmail.com and my SMTP was "mail.starmail.com".

Web: windoms.sitek.net
Smtp server: windoms.sitek.net
Note: Not bad. Russian language only.

Web: www.tomcat.ru
Smtp server: pop3.tomcat.ru
Note: Good. Russian language only.

