#1
As it seems, within a short while the new version from Optix, Optix Pro v1.0, will be out in the wild.
The previous version(s) from Optix have had devastating capacities; the upcoming new version will no doubt have even more nasty ones, although no specs can be provided at this moment. As always, the various anti-trojan softwares will update their databases as soon as possible. An "in-between period" nevertheless will be unavoidable. Bottom line: be careful (as always...).
regards. paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
#2
Courtesy to Gavin Coe from DCS (who apparently grabbed a copy before we managed to do so - no surprise really):
Specs from this nastie:

Set features for Version 1:
- Power Options (turn off comp, restart, logoff)
- Get Server Information, uninstall/close server
- Get Computer Information (Speed, HDSpace, username, windows ver.)
- Get Passwords (Cached, Aim, RAS)
- File Mang.
- Process Mang.
- Registry Mang.
- Window Mang.
- Message Boxes
- Keylogger
- Client2Client Chat
- Matrix Chat(Client2Server)
- Send Keys
- Screen Capture
- WebCam Spy
- Numerous "Humor" things (Better than just open/close cdrom)

SERVER FEATURES
Configurable:
- Port
- Password
- Victim Name
- Edit Server Password
- No-Edit server after initial edit
- Fake Error Message
- 5 different startup methods
- windir/sysdir/stay in original location
- registry key (startup)
- server file .exe name
- melt server
- ICQ, CGI, MAIL, and IRC notify. Mail has built in smtp-relay.
- Kill Firewalls/Anti-Virus .exe's. Add your own configurable .exe and nt/2k/xp services.

------
regards. paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
#4
Hi Checkout,
Quote:
Not at all. It's mainly the server part that counts for victims.
Quote:
It depends on your perspective; having the server on your system no doubt can make you toast.
regards. paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
#5
Paul,
Oops, what does "Mang." mean, as in for example "File Mang."? Management?
#6
Quote:
Jan, you can call it that way - "fooling around with" on the client configuration side.
regards. paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
#7
I would say that Gavin from TDS is lying if he says he has a copy.
Firstly, it's not been released yet; the set date is April 7th, although it may be available beforehand. Secondly, that list of features he has "written" is a direct copy and paste from the EvilEye (Optix authors) message board. Optix Pro (Version 1.0 at least) is not different to any other trojan out there. Nothing from its feature list stands out or is special by any means. The only extra I expect to see from this trojan is stability, as their Optix Lite range has been tightly coded so far, except for that small password validation bug, but they fixed that in 0.4b.
Gobo
#8
Someone at another board said The Cleaner has had this one covered as of April 3rd.
Can they be believed, I wonder? http://www.helpmij.nl/forum/attachme...achmentid=6084
__________________
Tony < > CLSID List - A Collection of Autostart Locations
#9
Tony,
Yep. Daniel has indeed a copy - and it's implemented in his The Cleaner database (as it is in all good anti-trojans nowadays).
regards. paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
#10
Good to hear that Paul!
I just posted the Diamond CS Advisory at my home board in order to inform everyone about the arrival of this nasty piece of malware. Thanks!
__________________
Tony < > CLSID List - A Collection of Autostart Locations
#11
Tony,
Quote:
Nice work
regards. paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
#12
Hi TonyKlein,
See the post in this thread about our advanced signature scanning and its detection of these trojans: http://www.security-pro.co.uk/yabb/YaBB.pl?board=trojansbackdoors;action=display;num=1017817591;start=0
#13
Thanks Gavin,
Great work! Thanks for the heads up.
Cheers,
Tony
__________________
Tony < > CLSID List - A Collection of Autostart Locations