RCT's & RAT's
What are they?
How do I detect them?
How many are there?
What ports do they use?
How do I Remove?
Acid Shivers (modified)
Deep Back Orifice
Deep Throat v2
Hack 'a' Tack
NetBus 2 Pro
Sockets 'de Troie
Master's Paradise currently affects Windows 95/98 PC's.
The "server" portion will delete and replace Microsoft's "System Configuration Editor" utility (sysedit.exe) with itself. The "server" portion is used in conjunction with another file named "keyhook.dll". Both would be found in the WINDOWS directory.
Ports 3129, 40421, 40422, 40423 and 40426 are used in the establishment of connections between the "client" and "server".
Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.
Who is Responsible?
Master's Paradise was written by a German programmer named Dan Lehman. Reported delivery modes include transfer through IRC and AOL chat rooms, email file attachments, exploits of security holes in browsers and email programs and physical installation on machines.
Below are some of the functions that Master's Paradise offers:
The ability to turn on a microphone is particularly threatening as this could permit the hacker the ability to listen to room audio and in effect "bug" the victim's room without detection.
Provided below, is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another users PC?
How to Remove
The first five steps involve editing the Windows 95/98 registry. And although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.
Congratulations, Master's Paradise has now been removed from your system.
Copyright Commodon Communications. All rights reserved.