This RAT program was designed for virtual hooliganism, it can not be classified as dangerous, because the functions of this program are not harmful. Ti annoys the user by causing DoS attacks (jamming the channel by fast pinging). It also uses a very sneaky ways to infect the system, so the detection is quite hard. The pest originated in April 1999. The author is a hacker called MaTrim. It was written in Visual Basic.
From the publisher:
“Excalibur is a new backdoor virus program with several advantages over the other backdoor programs available.
1: It is not yet detected by virusscanners
2: It automatically hides itself very well from any type of detection
3: It has built-in DoS capibilities, such as Ping Bomb [think
of pingbomb from 10 computers!] or Nuking.
4: It uses a little-known way of running itself on bootup, making
it difficult to detect
5: Much more!
— 3.1 —
After running install.exe, there should be a zip file in the directory with the client.1. Download any program [or use one that you have handy]. Make sure that it has an install program built in. Then, rename the install program [most likely install.exe or setup.exe] to “install.___” [no quotes]. Those _ marks are NOT spaces, they are underscores.
2. Copy all of the files from install.zip to the same place as this other program. There should now be a new ‘install.exe’ [the one from install.zip].
3. Recompress and send to your victom! When the run ‘install.exe’ it will set up the virus and run the original install program. Your victom won’t notice a thing!
— 3.2 —
This is a list of the ‘other’ functions [buttons], i.e. not the DoS functions, and what they do. Obviously, you need to be connected to a virused computer first.
Alt-Ctrl-Del off = Disables Alt-Ctrl-Del, click again to enable
Run Program = Runs program on remote computer
Crash Explorer [win98 only] = When enabled, will crash Explorer [NOT IE] on any computer running Win98. Very nasty!
Comptuer Takedown = Completly destroies a computer. BE CAREFUL WITH THIS FUNCTION.
Set WallPaper = Set the computer’s wallpaper
Annoying Mouse… = Whenever the user moves the mouse, a messagebox will be displayed.
Switch Mouse Buttons = Self-explanitory. Just plain annoying!
— 3.3 —
———– This is a list of the DoS functions [buttons], and what they do. Obviously, you need to be connected to a virused computer first.
PingBomb = Has the virused computer pingbomb an IP for aprox. 5 min. Very effective if multiple clients are using it, and none of it gets traced back to you!”
Excalibur manual removal: