Flatley Trojan (FoD, snifferDance, netTap)

From Wikipedia, the free encyclopedia

Introduction

First discovered in September 2006, this Trojan toolset (also classed as a backdoor and packet sniffer) delivers a seemingly benign but particularly annoying payload. In fact, once a workstation (currently Windows-based operating systems only) has been compromised, port 44444 (also known to be used by the 'Proziak' trojan) is opened and 'listens' for incoming connection attempts from the companion tool 'netTap', which works in much the same way as the 'netcat' tool. The toolset also comprises a sniffing tool called 'snifferDance'.

The Toolset

Flatley Trojan

Runs silently upon startup, opens port 44444 and listens for incoming connections from the 'netTap' tool included within the toolset.

netTap

Connects to port 44444 on the target computer (if the Flatley Trojan has been deployed) and can be used to launch applications remotely, usually through the command line. It can also be used to transfer files to and from the target machine.

FoD - 'F33t of D3@th' [sic]

FoD can be used in two modes: either to create a pseudo 'Ping o' Death' attack on the target machine, or to form part of a Distributed Denial of Service (DDoS) attack. When operating in DDoS mode, FoD forms part of a distributed 'Zombie' network: port 44444 is opened and 'listens' for incoming connections instructing it to commence the attack.

snifferDance

Named after Michael Flatley's famous 'River Dance', this tool is a basic 'sniffer' (see also 'Ethereal') which can be used to sniff packets from a compromised network. The built-in packet analysis tools are basic, providing only minimal functionality. This tool comes into its own when combined with the FoD tool in DDoS mode: it is capable of checking the port state of a list of compromised machines, enabling the operator to check that the DDoS mode has been implemented and that the attack is proceeding.
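
A defender can run the same kind of port-state check on their own hosts. The following is an added example, not part of the original article or the toolset: it parses Windows `netstat -ano` output and reports listeners and inbound sessions on local port 44444. The sample output is constructed, and treating the port as TCP is an assumption, since the article does not name the protocol.

```python
import re

# Port the article gives for the Flatley Trojan listener and FoD's DDoS mode.
SUSPECT_PORT = 44444

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:44444          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:44444     203.0.113.7:51522      ESTABLISHED     3120
  TCP    192.168.1.20:50211     198.51.100.9:44444     ESTABLISHED     4012
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:44444          *:*                                    1188
"""

# Proto, local endpoint, remote endpoint, optional state (UDP has none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def local_port(endpoint):
    """Return the port of 'addr:port' (IPv4 or bracketed IPv6), or None."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None


def find_suspect_sockets(netstat_text, port=SUSPECT_PORT):
    """Flag TCP sockets whose LOCAL port is `port` (assumption: TCP only)."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(1) != "TCP":
            continue  # headers, blank lines and UDP rows are skipped
        _, local, remote, state, pid = m.groups()
        if local_port(local) != port:
            continue  # a remote port of 44444 is not a local listener
        if state == "LISTENING":
            findings.append({"kind": "listener", "local": local, "pid": int(pid)})
        elif state == "ESTABLISHED":
            findings.append({"kind": "inbound_session", "peer": remote,
                             "pid": int(pid)})
    return findings


if __name__ == "__main__":
    for finding in find_suspect_sockets(SAMPLE_NETSTAT):
        print(finding)
```

The PID in each finding can be matched against the process list to identify the binary that owns the socket.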

Delivery Method

The usual method of delivery for this Trojan is for it to be hidden within a file called FlatleyDance.scr, which is a Windows screensaver file. The classic method for introducing this into the target machine is for it to be sent as an email attachment, relying on the target computer user's lack of security awareness. The screensaver is fully functional, which leads to most infected users not realising that it has a malignant nature. When activated, an animated picture of Michael Flatley dances across the user's screen and an Irish jig is played. (The CEH boys strike again)