from the doc:The program has a lot of features, and very useful extras: - you can control the remote machine via your mobile phone!! How?! It is very simply: you just send an email via sms from your handy to a given POP3 emailaddress, and the server will interpeter it. - you can control more than one machine with your handy... - you can mailbomb anybody... Sounds good, ehh? :)History:It was accessable a friendonly beta version of this prg, but I got very few feedback :( If you have any idea, write me them. [+] Winzip icon for the server :) [*] Crypted settings in the server [*] New keylogging engine, so the server probably works on NT yet [*] New communication protokoll between clients and server so you can control the server with a pure telnet client too. So it isn't neccesary for me to write a linux client, too :)What's new in mE$$iAh v1.0? 2000.08.18. [*] New readme file, I corrected some englisherrors... [*] You could start the server twice... I fixed this bug. [+] Many new commands are added: MD, RD, DIR, STARTKL, STOPKL STARTFTP, STOPFTP, STARTBOMB, STOPBOMB, MSGSHOW, WALLP, CACHEPWZ, SLEEP, SOUND, LISTPROCESS, KILLPROCESS, DONTDELETE, INFECT [-] The command PWZ isn't any more, its new name is: RASPWZ [+] You can make own server file with the makeserver program, called tHe g0D. [*] The client has new design (:-) and its new name is mADaNgEl. Thanks for the logo to Nestan! [*] I have changed the name of the MSG command to MSGDRAW. [*] More optimalization on the code. [+] The server uses three random filenames when it copies itself to the WINDOWSSYSTEM directory [+] Formater has helped me a lot. He wrote the linux clients, too... Big big thanx!Files:madangel.exe - this is the clients... - size: 307.200 messiah.exe - this is the server... - size: 196.608 readme.txt - you are reading it now :) - size: XXXXXX thegod.exe - this is the makeserver... - size: 142.336The server features:[the examples are beetwen these signs] Installing: - stealth mode - it starts itself automatic when Windows starts... Note: for these two functions you must only start the server executable, then you can delete the file, it's not needed more time!) - you can protect the server with password, the default is SPY [+PASWnewpassword] - the default port for the server is 2000, and you can modify it, of course. [+PORTnewportnumber] - you can close the server [+CLOSE] - you can close the server, and remove from the machine [+REMOVE] - you must set the host of the POP3 server, through you control the machine [+POPHSTexamplehost] - you mut set the username to the POP3 server [+POPUSRexampleusername] - you must set the password for the username [+POPPWDexamplepassword] - you can set the host of the SMTP server [+SMTPHSTexamplehost] - you can set the username to the SMTP server [+SMTPUSRexampleuser] - you can set the emailaddress to send the answer emails to [+SMTPS2exampleemailaddress] - you can set the timer to checking the online status. Default is 60000 (=1 minute) [+TIMERexamplemillisecondsnumber]Note: you must set up the three POP settings, then you can control the server, and upload file via email. If you set up the SMTP suxxz, then you will get email notification for the victims online status. The server checks the online status periodically, see the TIMER value for more. You can not control the server via your mobile, while you don't set up the POP3 correctly.File management:- you can execute any file on the machine of the server [+EXECfiletoexecute parameter] - you can delete any file from the server [+DELfiletodelete] - you can copy file on the server [+COPYfiletocopy directory] - you can move file on the server [+MOVEfiletomove newname] - you can download file from the server via email [+GFILEexamplefiletodownload] - you can make a directory on the server [+MDdirectoryname] - you can remove a directory on the server (like deltree!!) [+RDdirectoryname] - you can list the filenames in a directory (the default is *.*) [+DIRc:*.*] - you can send the server to an email address with the name clinton.jpg.exe :) [[email protected]]Note: you can transfer files per email, too. To upload file, you must set the POP3 settings, to download file, the SMTPz. There is already a new thing to use for filetransfer: the ftp server.Miscellaneous:- you can open the CD tray [+CDOPEN] - you can close it, too :) [+CDCLS] - you can turn monitor off [+MONOFF] - and on, too [+MONON] - you can close the actual window [+CAW] - you can send message to the remote machine [+MSGSHOWThis is an example message] - you can draw a message to the remote machine's display [+MSGDRAWThis is an example message] - you can change the wallpaper [+WALLPc:logo.sys] - you can play sound [+SOUNDc:windowsmediaThe Microsoft Sound.wav]Machine:- you can suspend the system [+SUSP] - you can restart the machine [+REBOOT] - you can shut down the machine [+POWER] - you can lock up the remote system [+LOCKUP] - you can start keylogging (it will store the log in C:WINDOWSSYSTEMWINA386.DLL) [+STARTKL] - you can stop the keylogging [+STOPKL] - you can start FTP server [+STARTFTP] - you can stop FTP server [+STOPFTP] - you can send mailbomb to anybody (if you don't use parameter, the server will send the mails to the previos victim) [+STARTBOMBemailaddress] - you can stop it [+STOPBOMB] - you can pause the server processing the commands for half minute Eg. you send an email with this subject: [+CDOPEN+SLEEP+MSGSHOWyou fuck+SLEEP+OPENCD] Note: power off does not work properly on NT, I think. There is Lockup code for NT.Informations:- you can get the RAS passwords [+RASPWZ] - you can get the cached passwords [+CACHEPWZ] - you can get the current username [+CUSER] - you can get the directory of windows [+WDIR] - you can get the active processes [+LISTPROCESS] - you can kill process [+KILLPROCESSprocessletter]Final Note: to control the server via you mobile phone, you need to send an sms-email to the emailaddress POPUSR@POPHST. The commands have to be in the subject. you can use more than one command in once, eg: +CDOPEN+MSGYou fuck!+LOCKUPIf you would like control more than one computer via email, then set the POP things same on all computers, then you can send command like this: [+DONTDELETE+MS
Backdoor Program [Panda]Backdoor.Delf.apBackdoor.Messah.10Backdoor.Win32.Messah.10 [Kaspersky]Win32/Messah.10 trojan [Eset]
messiah1.0_server.exeWindowssystemj4ysrv.exe
HKEY_LOCAL_MACHINEsoftwarespy