Avast WEBforum

Other => General Topics => Topic started by: polonus on August 20, 2006, 10:22:33 PM

Title: Why no info on hookbyter?
Post by: polonus on August 20, 2006, 10:22:33 PM
Hello malware fighters,

Hookbyter zip contains a worm that is spread to damage the P2P-ing experience. Read here: http://www.governmentsecurity.org/archive/t11934.html

Funny is there is no removal or technical info on this intentional malware, some sites with translations go to erring pages or turn up a 404.

Luckily for us, avast protects against hookbyter. It is not a nice surprise to have it stealthily creep amids your download.

polonus
Title: Re: Why no info on hookbyter?
Post by: bob3160 on August 20, 2006, 10:30:34 PM
Maybe the date of this item (Oct 15 2004) has something to do with it???? ;D
Title: Re: Why no info on hookbyter?
Post by: drhayden1 on August 21, 2006, 01:26:29 AM
bob...finally someone besides me posted an old article..no harm meant to you polonus,my friend,i've posted old articles twice so far-guess i'm not the only one on this forum that needs their eyes checked ;D :P ::)
Title: Re: Why no info on hookbyter?
Post by: polonus on August 21, 2006, 01:54:49 PM
Hi bob and drhayden1,

Hookbyter isn't an old story, new version are to be found on websites as old as 2006, there are three versions, like the Kazaa rar or zip version, tested against the big three av solutions.

A user of this malware states: ...quote:
Hookbyter



This program will download your trojan from the web and open it without user knowing it!
it will also trick some firewaly by injecting in another trusted proces!
then it will check the txt file you uploaded to your web page and used the names that will find in that
txt to spread on all p2p programs(kazaa,ares,emule...)

if p2p spreading option is enabled,please be shore that you upload the list
with filenames you want it to spread like(mcafee,winrar.....)to your web page
and put the right url(that will point to your uploaded txt file with names)!!


I woud like to thanx to Alchemist,brainbuster and many others
for suporting me and giving me ideas.(:



The p2p spreading option is made by Alchemist (: THANX M8!


Bug fixes:
-crashing server when wrong url was entered in settings now is fixed.
-startup fixes...
-activce skin error is ok now!(ocx file missing error = FIXED!)

Ok now the downloader shoud work ok without problems ...but still if you find anything wrong please
let me know i woud realy aprishiate it,thanx

Flow





OPTIONS:
-injection(it will inject itself to another trusted program and trick some firewalls)
-melt server(the file will delete itself and start runing hiden in win or system directory)
-icon changer(god to use it with when p2p spreading enabled)
-download the file on certian date
-option to chouse where you want your exe to be downloaded(system,or windows dir)
-icq ip notifycation(ewry startup it will send you a ip number of a infected computer)
-camera detection(if this option is enabled it will only download if a computer has
a web cam)if you want only victims with web cams. (:
-p2p spreading(this will add a worm function to this downloader,it will spread your exe from computer
to computer using p2p) Unquote....

What do you think of malware intentionally promoted to shy people out of (legit) P2P-ing? it means there is a cyberwar fought out there, and you are not sure who is putting the crap online friend or foe alike?  Please comment...

polonus