Anyone heard of a RAT named Infector NG? I can't seem to find any information on it from AV companies. It doesn't appear to have been released yet, but I do not wish to give the webpage in case of scriptkiddies. It appears to be linked in some way to SUB7; no copies seem to be available yet, so I can't test it against AV products. It could pose the next threat from the scriptkiddies and their RAT tools. Not sure if I can post the web address or not. So any help would be good, or if anyone has heard of this?


Quote from homepage on 12/02/04

Infector returns with the release of Infector NG 2004, this like the other RAT tools we have made will be awesome, check back soon.
From its features list it seems pretty typical.

Server Options - Close Server, Remove Server, Change Port, Change Password

System Options - Reboot System, Power Off System, Shutdown System, Logoff User, Force Reboot

Notify Options - ICQ Notify - Storage for up to 2 UINs that can be automatically notified on internet connection/server start
IRC Notify - IRC Channel to notify on internet connection/server start (IRC Bot capability)
sin notify email notify and cgi notify

Client Options - Desktop Preview (Adjustable quality) fastest one ever
Video Preview (Video capture quality)

Data Theft - Get System Information - PC Owner, Current Username, Resolution, Timezone, ICQ Bookmarks/Received Files/UIN Dirs, Windows Version, Name, Version Number, Server EXE Name, CPU Speed
Directory Lookups: Windows, My Documents, Favorites, NetHood, Temp Internet Files, Cookies, PrintHood, Start Menu, Startup Menu, Recent Files, SendTo, Desktop, Program Files, Common Files, Media, Wallpaper, Inf, Config
pc details add in features computer name Registered organisation registered owner workgroup Memory
processor name processor speed display resolution default printer hard drive

General Features - Open/Close CD-ROM, Disable/Enable Ctrl+Alt+Del, Show/Hide Desktop Icons, Show/Hide System Clock, Show/Hide System Tray, Show/Hide Start Button, Show/Hide Taskbar, Freeze/Unfreeze Mouse, Disable/Enable Desktop, Disable/Enable Taskbar, Monitor On/Off, Scroll Lock On/Off, Num Lock On/Off, Caps Lock On/Off, Open browser at specified page, Remote port scanner, Enable/Disable keyboard, Swap mouse buttons, Mouse trails On/Off, PC Speaker On/Off, Open chat window, FTP Server On/Off, Get/Set Time/Date, Flip Screen, Keylogger On/Off, Port Redirect, Print text on remote screen, Registry editor, Get cached/RAS/ICQ passwords (WNetEnumCachedPasswords), Control Mouse, Show Messagebox (all types, any text), Windows colours trillian pw

App Manager - List Applications, Window commands (Show/Hide/Enable/Disable/Minimise/Maximise/Restore/Close/Stay On Top/Not On Top/Change Caption), Tile Windows, Cascade Win
As no copies appear available or the link is dead, I can't report on it or send a sample to the AV companies.

I have included an edited screenshot of the website with the addresses blanked out.

All out