Beast | |
Developer: | Tataye |
Operating System: | Microsoft Windows |
Latest Release Version: | 2.07 |
Latest Release Date: | August 3, 2004 |
Discontinued: | yes |
Genre: | |
License: | Freeware |
Beast is a Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a "RAT". It is capable of infecting versions of Windows from 95 to XP.[1] Written in Delphi and released first by its author Tataye in 2002,[2] it became quite popular due to its unique features. It used the typical client–server model where the client would be under operation by the attacker and the server is what would infect the victim. Beast was one of the first trojans to feature a reverse connection to its victims, and once established it gave the attacker complete control over the infected computer.[2] [3] The virus would be harmless until opened. When opened, the virus would use the code injection method to inject itself into other applications.[4]
On a machine running Windows XP, removal of three files (“explorer.exe” (Windows Explorer), “iexplore.exe” (Internet Explorer), or “msnmsgr.exe” (MSN Messenger)) in safe mode with system restore turned off would disinfect the system.[5]
The default ports used for the direct and reverse connections were 6666 and 9999 respectively, though the attacker had the option of changing these. Beast came with a built-in firewall bypasser and had the ability of terminating some Anti-Virus or firewall processes. It also came with a file binder that could be used to join two or more files together into one executable.