from the doc: ' MoSucker is a backdoor trojan, coded with Visual Basic 6. The server needs the vb6-runtime-dll msvbvm60.dll. It does no longer need any ocx-files (you can change this in the EditServer) This trojan is written for Windows 95/98, it wasn't tested on other systems like 98se, NT and 2K, but it should work there, too. MoSucker is the best or one of the best trojans ever programmed with vb. Have fun with it!'2.30: From the doc: 'This list will kill (terminate) all well-known firewalls and Anti-Virus programs currently running on the victim's system. It will NOT delete or currupt these programs, it will just stop them.'3.0a: From the doc: 'This list will kill (terminate) all well-known firewalls and Anti-Virus programs currently running on the victim's system. It will NOT delete or currupt these programs, it will just stop them. Kills ZoneAlarm (Including Pro), LockDown, Norton AntiVirus, Trojan Check, Trojan First Aid Kit, MS Visual Studio Spy tools, Dr. Watson, RegEdit, The Cleaner, Trojan Defense Suit 3, Anti Trojan, Dr. Solomon, Norton Utilities, McAffee Virus scan, Kaspersky Anti Virus RegRun II, Tau Monitor, ANTS and AtGuard ... and others'MoSucker 3.0b - Released Nov. 20th 2002!!IMPORTANT!!1) MoSucker 3.0b servers are not compatible with the MoSucker 3.0a edit server. 2) If you get any runtime errors, execute Runtimes.exe in the runtimes folder. 3) Check the announcements in the forum for the latest public CGI locations. 4) The edit server cannot change the icon for servers that include the runtimes. Use reshacker or microangelo. Icon is 32x32 16 colorsChanges/bugfixes for 3.0b- Modification of settings encryption for increased server security. - Edit server and client install runtimes if needed (since nobody can read). - MSN notification protocol error fixed. - MSN notification no longer gives visible error message when service is down. - Kill running system process checkbox error on reload fixed. - File exists routine for bound files fixed (bug rare) - Improved error handling in edit server. - Removed webdl.ocx dependancy.MoSucker ErEbuS: Ive packadged the mosucker trojan into a new trojan installer that compresses the file differently. This also installs the visual basic 6.0 runtimes with it. Copies file to system directory quietly and runs mosucker. Ofcourse, after it runs the mosucker server, the antivirus will pick it up. I leave this problem to you.These are the attached server's settings: port: 1037 (default) filename: wsvchost.exe deny local connections events: deleting/restoring of netstat and kills the threads of avs/fw melts the installErEbuS
Backdoor.Mosuck.11Backdoor.Mosuck.20Backdoor.Mosuck.21.aBackdoor.Mosuck.21.bBackdoor.MoSuck.30Backdoor.MoSucker.10Backdoor.MoSucker.10 [Kaspersky]Backdoor.Mosucker.20.aBackdoor.MoSucker.22.pluginBackdoor.MoSucker.23Backdoor.MoSucker.30.aBackdoor.MoSucker.
backdoor.mosucker.11.execreateserver.exeeditserver 2.0.exeeditserver.exefree pink.exemosucker 2.0.exemosucker.exepics.zip.exeserver.exeserver1.exeserver2.exeserver3.exeserver4.exeserver5.exeskinmaker.exeWindowsjthh.exeWindowsmsnetcfg.exeWindowssystemsvr.exeWindows emppkg310.exeWindows emppkg332.exeWindows emppkg3392.exeWindowsunin0686.exeWindowsvvuijoe.exev young.exew32mos~1.exew32mos~2.exe