
            Hooker, the intelligent trojan keylogger
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                ( 2.5,  )




     Disclaimer
     ~~~~~~~~~~
           ,
            ,
        ,        .    
        freeware.   ,   
           - -
     ,  ,        
     .    ,  ,  -
          .



      
     ~~~~~~~~~~~~~~~~~~~~~~
                  -
- .  ,    ,   -
   ,    ,  -
,     ,    
   .      
-    ,    -
    DOS.  ?   "  
        -
  - ." (   )  -
 :           
   DOS.          -
  . ,   -
       , 
 .

       hooker'a -   ,   
:

        -  ,  ,      
        HookDump
        -       
        -   
        -          
             
        -     Win95/98    NT 4.0/5.0
        -  

         MS Visual C 5.0.  MFC' -
    -        ,
     .     ,
   ,         
Borland C,     WATCOM.   ,    -
   ,    .    -
-     - .



       
     ~~~~~~~~~~~~~~~~~~~
              -
  .           
   :

     HKEY_LOCAL_MACHINE -     
     HKEY_CURRENT_USER  -   

     \Software\Microsoft\Windows\CurrentVersion\,      
      :

     Run                  ,    -
                         Path,    -
                       (NT:  %windir%\system32,      Win95/98:
                     %windir%\system)    Path -
                     .

     RunServices           (-
                         ).     -
                        Win95/98.

     RunOnce             .
                            
                           
                     ,    RunOnce.

     RunServicesOnce    ,    -
                     ,     NT

     - ()       
  ,      
        -
    ,      
Run  RunServices.      -
:   ,          
   RunServices\.exe?        -
      .    
   RunOnce  RunServicesOnce    -
 .     hooker'a   -
           -
  Restart_ID,  ID -     (DWORD,
        -
).



     
     ~~~~~~
      ""       Win32  -
 .      . .. -
  CallBack ,      -
 .       dll.   
 ,       -
    dll.  hooker'e CallBack   -
    ,    -
   .     -
 dll          -
.        dll' -
           -
 .        -
      dll,   -   -
  .       
           
 .      ,   -
     .    
   .    ,  -
  ,   ,  ""  ,
   ,       ,  
 .

     -              -
       ,    ,  -
          ("login", "passw", "term", "" 
       ..)
     -    ,    (SHIFT,  ALT,
       CTRL, TAB, MENU, Caps Lock, Num Lock /etc),   
       , .
     - ,      , ..  -
           ,    "   
          ".       -
       ,  ,     /-
        .      , -
               -?
       ...    :)

               -
  .



       
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          -  ?   -
  ,  ,   .     
 ..    RAS ,      
 .       RASAPI32.DLL,
      , ,  ,
      .       
   LoadLibrary/GetProcAddress.   -
 RASAPI      .   -
      RAS    
         .
   TCP/IP         -
 .   ,     -
   TCP/IP,   hooker     .
             
 .
              -
,  , IP   . -
,         -
.



            web
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     -        
 ?    BO,  NetBus,    DeepThroat,
WinCrash...            
.        :)  -
    Delphi  MS Visual Basic,     -
  Back Orifice.       ,
-      ,  -
 ...   ,      
     .   hooker'a  -
  web        .    
               
.          -
,    ,     ,    
   .  ,    hooker -
  .      
      web.     
  .    web  -
,       .    -
      ,   
 www.myhost.ru/file.exe:8000



     
     ~~~~~~~~~~~~~
        ,   ,  ,  ,
  ,      :)
Eprst  happy99@mail.ru,     Harmer    harmer@mail.ru,        Alex
tanatos@mail.ru,  Plan paln@mail.ru,   praver@mail.ru,  
dmetry@usa.net,    Androyd  androyd@chat.ru,          
darkmonk@mail.ru
  - ...




          .
:  hooker@mail.ru    shade@beer.com



                   ACrazzi & Shade, 24.10.1999
