April 16th, 2002, 01:44 AM
This trojan has been around for awhile now (1998). I cannot find a trojan detection app or an antivirus that has definitions for it. Any suggestions?
That article claims that someone can be infected with DIRT just by visiting a website that setup to do so. This is not possible, correct?
Any information at all about this trojan would be appreciated.
April 16th, 2002, 01:52 AM
Some viruses can be transmitted to your computer through ActiveX and Java... Its pretty simple if you take a look at the source code... Ill try to find some examples for you
April 16th, 2002, 01:55 AM
Hey methcook I think I can help you out kool name by the way! Download the cleaner it get rid of all trojans you can download it @ http://www.moosoft.com/ Hope this helps!
Now I really hate trojans but there are all kinds of ways to get infected by them. Here's one way from back in the day I used to use them but not anymore. I used to get a picture of myself and combine the server with my picture. I used to talk to females on different I.S.P and IRC, ICQ, and I would convinced them to download it Send the picture to them and the server will install when they open the picture. And the trojan I used was subseven just in case your wondering! And please do not flame me by what I said this was back in the day! I am just being honest
April 16th, 2002, 02:18 AM
Hmm I have never heard of this trojan before.... Would you happen to have a copy of it? I would like to take it apart to see how it ticks....
April 16th, 2002, 02:24 AM
Blunt is a cool name as well..heh.
I have The Cleaner. DIRT is not in it's "Trojan Database". It wont detect it. Actually I think I;m gonna email the people at moosoft and ask them about this.
And no i dont have a copy of it. As far as I know it;s used exclusively by law enforemet agencies.
April 16th, 2002, 03:03 AM
I think it's better that the public does not have this trojan.
April 16th, 2002, 03:10 AM
April 16th, 2002, 03:20 AM
Methcook I think this will help you! DIRT-Bugs Strike! the article can be found @
By Winn Schwartau
Imagine being able to monitor and intercept data from any PC in the world anytime you want.
Then DIRTís for you.
DIRT stands for Data Interception by Remote Transmission, and if Codex Data Systems in New York City has anything to say about it, will become the next law enforcement tool to help stop the bad guys.
The cops are having a terrifically hard time dealing with cybercrime, and they all put on-line child pornography at the top of the list because of the emotional response to it. Suspected terrorists, drug traffickers, money launderers, are also potential targets for DIRT as are various criminal organizations which employ anonymity, remote control and encryption to hide themselves. DIRT represents a fabulous, but questionably legal/ethical means of information gathering by intelligence agencies as well as private investigators.
Thus Frank Jones and Codex Data Systems begat DIRT. "We have to give law enforcement the tools they need to get real criminals. So many of them are now using encryption, DIRT allows law enforcement to read encrypted messages."
DIRT operates surreptitiously as a Trojan Horse. It is transmitted secretly to a target via email in several ways: either as a proprietary protocol, self extracting executable, dummy segment fault, hidden ZIP file, application specific weakness, macro, a steganographic attachment or other methods the companyís technical wizard, Eric Schneider will not divulge.
Once the DIRT-Bug is successfully embedded in the target machine, two things occur. One, all keystrokes at the keyboard are secretly captured and when the target machine is connected on-line, it will stealthily transmit the captured contents to a remotely located DIRT-Control Central for analysis. This is how encryption keys are to be discovered and later used to develop evidence in criminal cases.
Secondly, when the target is on-line, his PC will invisibly behave like an anonymous FTP server, giving the folks at DIRT-Control Center 100% access to all resources. So much for privacy!
Dave Banisar Staff Counsel at the Electronic Privacy Information Center in Washington, DC. said DIRT "Sounds like something the Stasi would have developed." The problem is enforcement and abuse he points out. "The only way to control this technology is after the fact, during the trial when the police have to show how they obtained evidence."
When I first saw DIRT demonstrated in New York (June 5, 1998), I thought, "What if this gets out to the entire Internet communityÖ what will happen if we no longer ever trust our email?"
The vast majority of computer crime goes unrecognized, unreported and unprosecuted. Despite the fact that the use of DIRT or a DIRT-like clone developed by the computer underground violates the Computer Abuse Act of 1984 and an assortment of other laws, the ability to control it remains extremely slim. And the uses for DIRT-like software stagger the imagination:
Industrial Espionage (engineers and scientists computers)
Financial institutions (passwords to key systems)
Medical Records (blackmail, extortion)
Political Sabatoge (government communications)
Spam DIRT to millions of email accounts
Capture all email of targets
Examine recycle bins
Private lists and contact info
Make up your own!
All that someone with DIRT needs to know is your email address. Period. All he has to do is send you an email, with the embedded DIRT-Trojan Horse and heís home free, and you are a clueless victim.
Large organizations usually worry about hackers breaking and entering their networks. Now they have reason to worry that DIRT-Bugs could invade their networks as well; whether launched by an investigating law enforcement authority, international competitors or spies, or just hackers. The last thing in the world they want is for critical workstations to be broadcasting passwords, encryption codes and providing complete system access to whoever controls DIRT-Central.
There are at least a few steps, though, the astute network systems administrator can take to make himself less of a potential victim to DIRT.
At your Internet nexus (router, firewall, etc.) institute a policy that no executables are to enter your organization without examination. This is a good idea anyway to keep out all programs that might carry viruses or other trojans. (Keep DIRT out of your systems)
Disable macros at your browser as a matter of policy. (One style of DIRT payload)
Avoid, if possible, enabling file and printer sharing.
Do not use NTFS unless absolutely necessary.
Use your own cryptographic protection for critical files. (Make remote ftp useless)
Enable cryptographic controls which do not require the user to enter keys at his keyboard. (Nothing for DIRT to sniff)
Replace conventional password access with token based or one-time passwords. (Nothing for DIRT to sniff)
Remove all floppy disks from networked environments. (If youíre networked, what good are they? Does your staff really need them for more than bringing in games and viruses, and taking out proprietary information?)
Unfortunately, most firms with whom I deal have little implementation of the minor policies they have developed. Thus, defending against DIRT can be difficult. However, organizations which utilize NAT and proxies in their firewalls achieve some degree of confidence that DIRTís remote access capability will not function. Just the keyboard strokes (and associated private information) will be broadcast to DIRT-Central.
According to the developers at Codex Data Systems, if you are a solitary PC sitting on a dial-up or a cable modem, there is nothing Ė today Ė you can do except donít click on your email attachments. Of course, ignoring email from strangers is always a good idea. But, if I were a cop or a bad guy using DIRT, I would certainly go after your home PC as well as the one at work. Itís a whole lot easier, and I am going to learn just as much.
With the advent of more and more powerful Trojans, such as DIRT (which only occupies 20K), the threat to our networked systems gets clearer and clearer. As Frank Jones, the inventor says, "There are no more secrets with DIRT."
For more information on DIRT, email firstname.lastname@example.org or www.thecodex.com/dirt.html
April 17th, 2002, 03:26 AM
actually, last week I got infected with the VBS.LoveLetter virus by visiting a site with the source code written on it. so it is possible.