June 4th, 2002, 06:04 PM
There are hundreds of trojans and different backdoors out on the internet but one ive found seems to me to be the most dangerous. It's called Ackcmd from http://ntsecurity.nu/toolbox/
what it does is when the user/hacker/cracker what ever you want to call them, opens up the client he types in commands to be executed on the target host. The client then encodes the commands into ackpackets and sends them to the target. because they are ack packets they have a better chance of penetrating a firewall then anything else. When the server recives the packets it executes the command and send the reply back via encoded ack packets. As you can see this backdoor is very dangerous and can give the attacker alot of power over your machine. But it gets worse unlike most backdoors they show up on antivirus sweeps but not ackcmd, ackcmd is completly stealth. To remove the server just search for ackcmdS.exe but remember script kiddies the only "hackers" that use widely distributed trojans love to use binders or mergers To remain stealthy which doesnt work if the target has antivirus because most all antivirus software has the ablity to scan executables for virii or trojans, But as I said before ackcmdS wont show up on most antivirus software. So an ackcmd server bound with an executable will prove a pretty powerful tool to a script kiddie, well even a pretty skilled hacker it would prove useful. I hope antivirus companies will fix this problem.
June 4th, 2002, 06:30 PM
does it only communicate through port 80, or can you change it
June 4th, 2002, 06:42 PM
In addition to an antivirus program, I also have Tauscan, a trojan remover, running at all times. (Yes, I am paranoid, even though I've never had a trojan on my machine!) I checked the database and see that Tauscan does list Ackcmd as one of the trojans it protects against. I have my doubts, though, as to how many people run an anti-trojan program.
June 4th, 2002, 06:58 PM
Apparently, this trojan has been written as a demonstration, to show how easy it would be to penetrate firewalls The server uses ports 80 and 1054, and, once installed, gives a remote dos prompt. An excellent page describing the program and linking towards a page explaining the details of the method used can be found here.
This trojan isn't as bad as it looks on first sight: to install it, you have to manually start a server, and, once installed, you can easily kill it by stopping one process. The trojan has been reported working on Windows 98, NT and 2000.
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
June 4th, 2002, 09:03 PM
My norton detected it... Can't be that good..
June 4th, 2002, 09:16 PM
Thats weird cause i just updated my norton and it didnt find it or my bound version.
June 4th, 2002, 10:15 PM
check your settings, my norton detected it aswell.
\"Why is the bomb always gettin\' the last word?\" - Will Smith - Lost & Found (2005)
June 4th, 2002, 10:25 PM
ok i tweeked my settings and it detected my single version but it didnt detect my bound version
June 4th, 2002, 10:49 PM
hmm re- check your settings at your norton, I've got the corporate edition version 5/29/2002 rev. 6, and it detected as well