Elite hackers

[quasi-modo]

Internet dating is retarded.

[Thing]

Interesting points:

Real registration info?
http://www.dnsstuff.com/tools/whois.ch?ip=zeropulse.net&server=whois.enom.com&cache=off

Allowing directory browsing is bad:
http://zeropulse.net/

Somebody likes SphtBot
http://zeropulse.net/mute/Downloads/

This guy doesn't know it's 2005.  Check out the dates in News:
http://zeropulse.net/trick/

I find the file sizes in this directory interesting:
http://zeropulse.net/Blaze/D2%20Files/

[Networks]

They're retards if they allowed themselves to get trojanned numerous times...I learned my first time and it never happened again. And I knew when I got trojanned before the idiot could do anything.

[iago]

I find the file sizes in this directory interesting:
http://zeropulse.net/Blaze/D2%20Files/

Hah, I didn't even notice that.  Being rar'd was annoying, I had to install Linuxrar, but eh, it was worth it:

iago@Slayer:~/downloads/viruses/tmp$ ~/clamav/bin/clamscan
/usr/local/home/iago/downloads/viruses/tmp/ALL D2JSP Scripts - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/AutoHit.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/Autotele - Wizard Setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/Colour Game Spam - Wizard.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/Cracked D2JSP - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/D2Mousepads Maphack v6.1 - Auto-setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/HC Hack.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/JHJ Anti-Detection No D2Loader - Setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/JHJ English - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/MM.Bot - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/PvP Buddy - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/SpamBot - Wizard install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/TPPK - Auto.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/WPPK - Auto.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/ZoiD's Pickit - No D2Loader Ver2.exe: Trojan.Prorat.O FOUND

----------- SCAN SUMMARY -----------
Known viruses: 28160
Scanned directories: 1
Scanned files: 15
Infected files: 15
Data scanned: 1.88 MB
I/O buffer size: 131072 bytes
Time: 0.683 sec (0 m 0 s)

And for somebody who gave Spht and [vL] awards for being lame, it's funny how they use Spht's bot and other BNLS-based bots

[Blaze]

they cant even spoke good11!!!

[quasi-modo]

They're retards if they allowed themselves to get trojanned numerous times...I learned my first time and it never happened again. And I knew when I got trojanned before the idiot could do anything.

I have had some of those DDOS clients on my machine in the past, but never a trojan. Even then I have not let it happen since.

[hismajesty]

I've never had either, woot I rock.

[UserLoser.]

Those bots or whatever on trick's site don't appear to be safe (ReaperFlood & Account Validator). They're compressed using UPX compressor v1.29 or something (i don't remember, find latest one upx.sourceforge.net).  Also compiled to p-code it looks like (VB6)

[Eternal]

Ouch, head hurting, too much l33t speak.   

[iago]

Those bots or whatever on trick's site don't appear to be safe (ReaperFlood & Account Validator). They're compressed using UPX compressor v1.29 or something (i don't remember, find latest one upx.sourceforge.net).  Also compiled to p-code it looks like (VB6)

Also my virus scanner picks them up as viruses.  That's a definate clue.

[TehUser]

I tend to just open them in notepad and look for the API calls near the bottom.

KERNEL32.DLL ADVAPI32.DLL AVICAP32.DLL COMCTL32.DLL GDI32.DLL OLE32.DLL OLEAUT32.DLL SHELL32.DLL URLMON.DLL USER32.DLL WINMM.DLL WINSPOOL.DRV WSOCK32.DLL   LoadLibraryA  GetProcAddress  ExitProcess   RegCloseKey   capCreateCaptureWindowA   ImageList_Add   BitBlt  IsEqualGUID   SysStringLen  ShellExecuteA   URLDownloadToFileA  GetDC   timeGetTime   ClosePrinter                 

I don't know of too many bots that need the printer and multimedia subsystems, much less BitBlt (system drawing routine), capCreateCaptureWindowA (video capture for webcams, I believe), and URLDownloadToFileA.  Even without a virus scanner, should be fairly obvious it's not to be trusted.

[Adron]

I tend to just open them in notepad and look for the API calls near the bottom.

KERNEL32.DLL ADVAPI32.DLL AVICAP32.DLL COMCTL32.DLL GDI32.DLL OLE32.DLL OLEAUT32.DLL SHELL32.DLL URLMON.DLL USER32.DLL WINMM.DLL WINSPOOL.DRV WSOCK32.DLL   LoadLibraryA  GetProcAddress  ExitProcess   RegCloseKey   capCreateCaptureWindowA   ImageList_Add   BitBlt  IsEqualGUID   SysStringLen  ShellExecuteA   URLDownloadToFileA  GetDC   timeGetTime   ClosePrinter                 

I don't know of too many bots that need the printer and multimedia subsystems, much less BitBlt (system drawing routine), capCreateCaptureWindowA (video capture for webcams, I believe), and URLDownloadToFileA.  Even without a virus scanner, should be fairly obvious it's not to be trusted.

Uhh, BitBlt makes perfect sense for a bot to have. It's one of those calls "everything" uses. For scrolling a window, drawing icons, etc.

Also, most apps want to use the printer subsystem, to be able to print things since that's one of the standard options on the file menu. Multimedia makes sense both for measuring time (pings etc) and for sounds played when connecting / disconnecting. Downloading an URL could be used for displaying a message of the day, checking for updates to the bot or similar. The only call there that is out of place really is capCreateCaptureWindowA.

[TehUser]

Oh come on, after all of that, you couldn't come up with a reason to have video capture?  Maybe it's for posting video of the bot user to a web interface, since lots of bots have that along with the printing capabilities.  Nothing says cool like being able to print pictures of yourself using an awesome bot.

[Falcon[anti-yL]]

Those bots or whatever on trick's site don't appear to be safe (ReaperFlood & Account Validator). They're compressed using UPX compressor v1.29 or something (i don't remember, find latest one upx.sourceforge.net). Also compiled to p-code it looks like (VB6)

Also my virus scanner picks them up as viruses. That's a definate clue.

What anti virus do you use? Mine doesn't pick up anything.

[iago]

Those bots or whatever on trick's site don't appear to be safe (ReaperFlood & Account Validator). They're compressed using UPX compressor v1.29 or something (i don't remember, find latest one upx.sourceforge.net). Also compiled to p-code it looks like (VB6)

Also my virus scanner picks them up as viruses. That's a definate clue.

What anti virus do you use? Mine doesn't pick up anything.

i had to unrar it first.  The .exe's are picked up by ClamAV, which is a free/opensource virus scanner. 

www.clamav.net