Up front warning: Optix Pro v1.0

Discussion in 'malware problems & news' started by Paul Wilders, Mar 22, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    As it seems, within a short while the new version from Optix, Optix Pro v1.0, will be out in the wild.

    The previous version(s) from optix have had devastating capacities; the upcoming new version will have no doubt even more nasty ones, although no specs can be provided at this moment.

    As always, the various anti-trojan softwares will update their databases as soon as possible. An "in between period" nevertheless will be unavoidable.

    Bottom line: be careful (as always...).

    regards.

    paul
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Courtesy to Gavin Coe from DCS (who apparently grabbed a copy before we managed to do so - no surprise really  ;)  ):

    Specs from this nastie:

    Set features for Version 1:

    Power Options (turn off comp, restart, logoff)
    Get Server Information, uninstall/close server
    Get Computer Information (Speed, HDSpace, username, windows ver.)
    Get Passwords (Cached, Aim, RAS)
    File Mang.
    Process Mang.
    Registry Mang.
    Window Mang.
    Message Boxes
    Keylogger
    Client2Client Chat
    Matrix Chat(Client2Server)
    Send Keys
    Screen Capture
    WebCam Spy
    Numerous "Humor" things (Better than just open/close cdrom)

    SERVER FEATURES
    Configurable:
    Port
    Password
    Victim Name
    Edit Server Password
    No-Edit server after initial edit
    Fake Error Message
    5 different startup methods
    windir/sysdir/stay in original location
    registry key (startup)
    server file .exe name
    melt server
    ICQ, CGI, MAIL, and IRC notify. Mail has built in smtp-relay.
    Kill Firewalls/Anti-Virus .exe's.
    Add your own configurable .exe and nt/2k/xp services.
    ------

    regards.

    paul
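    As an added illustration, not part of this thread and not code from DiamondCS or the Optix authors: a small Python audit of Windows Run-key entries for two of the persistence patterns in the feature list above. It flags an unfamiliar .exe started from the Windows or System directory (the "windir/sysdir" plus "registry key (startup)" combination), and an autorun entry whose target is no longer on disk, which is what a "melt server" dropper leaves behind. The registry export, the file list and the allowlist are constructed sample data; the Run key path is the standard HKCU Run key, and everything else here is hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of a .reg-style export of the per-user Run key
# (illustrative data, not taken from any real system).
SAMPLE_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\SYSTEM32\\ctfmon.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"SysUpdate"="C:\\WINDOWS\\SYSTEM32\\sysupdt32.exe"
"Installer"="C:\\Documents and Settings\\user\\Desktop\\setup.exe"
'''

# Constructed view of which autorun targets are actually present on disk.
# setup.exe is absent: a self-deleting ("melting") dropper leaves exactly this.
SAMPLE_FILES = {
    r"C:\WINDOWS\SYSTEM32\ctfmon.exe",
    r"C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe",
    r"C:\WINDOWS\SYSTEM32\sysupdt32.exe",
}

# Hypothetical, deliberately tiny allowlist of binaries expected to autostart
# from the system directory; a real audit would use a vetted baseline.
KNOWN_SYSTEM_STARTUP = {"ctfmon.exe"}
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")

ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg_export(text):
    """Return (key, value_name, command) tuples from a .reg export.

    .reg files double every backslash inside string values, so they are
    collapsed back to single backslashes here.
    """
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := ENTRY_RE.match(line)):
            entries.append((key, m.group(1), m.group(2).replace("\\\\", "\\")))
    return entries


def image_path(command):
    """Extract the executable path from an autorun command line.

    Handles a quoted path, or an unquoted path (spaces allowed) that ends
    in .exe followed by optional arguments.
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r'(.+?\.exe)(\s|$)', command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def audit(entries, existing_files, allowlist=KNOWN_SYSTEM_STARTUP):
    """Flag autorun entries matching the two persistence patterns.

    Returns a list of (value_name, reason) findings in entry order.
    """
    findings = []
    existing = {f.lower() for f in existing_files}
    for _key, name, command in entries:
        path = image_path(command)
        p = PureWindowsPath(path)
        if str(p.parent).lower() in SYSTEM_DIRS and p.name.lower() not in allowlist:
            findings.append((name, "unknown executable started from system directory"))
        if path.lower() not in existing:
            findings.append((name, "autorun target missing on disk"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(parse_reg_export(SAMPLE_EXPORT), SAMPLE_FILES):
        print(f"{name}: {reason}")
```

On a live machine the export would come from `reg export` of the Run keys and the file set from the filesystem; the two heuristics are intentionally narrow, so a hit is a prompt to inspect the binary (publisher, hash, age), not a verdict on its own.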
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Blimey...the thing must be as big as Windows itself!  Can it also make good toast?  :)
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Checkout,

    Not at all. It's mainly the server part that counts for victims.

    It depends on your perspective; having the server on your system no doubt can make you toast   :rolleyes:

    regards.

    paul    
     
  5. FanJ

    FanJ Guest

    Paul,

    Oops, what does "Mang." mean, as in for example "File Mang."? Management?
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Jan, you can call it that way - "fooling around with" on the client configuration side.

    regards.

    paul
     
  7. Gobo

    Gobo Guest

    I would say that Gavin from TDS is lying if he says he has a copy :)
    Firstly it's not been released yet, the set date is April 7th, although it may be available beforehand.
    Secondly that list of features he has "written" is a direct copy and paste from the EvilEye (Optix authors) message board.

    Optix Pro (Version 1.0 at least) is no different from any other trojan out there. Nothing from its feature list stands out or is special by any means. The only extra I expect to see from this trojan is stability, as their Optix Lite range has been tightly coded so far, except for that small password validation bug, but they fixed that in 0.4b.

    Gobo
     
  8. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Tony,

    Yep. Daniel indeed has a copy - and it's implemented in his The Cleaner database (as it is in all good anti-trojans nowadays).

    regards.

    paul
     
  10. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    Good to hear that Paul!

    I just posted the Diamond CS Advisory at my home board in order to inform everyone about the arrival of this nasty piece of malware.

    Thanks!
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Tony,

    Nice work  :D

    regards.

    paul
     
  12. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi TonyKlein,

    See the post in this thread about our advanced signature scanning and its detection of these trojans :)

    http://www.security-pro.co.uk/yabb/YaBB.pl?board=trojansbackdoors;action=display;num=1017817591;start=0
     
  13. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    Thanks Gavin,

    Great work! Thanks for the heads up.

    Cheers,   Tony
     