A RAT program works on a simple but effective principle: the hacker infects the machine with a “server” program via e-mail or the File and Print Sharing system and can then control it using a “client” on his own computer. Moses originated in September 2001. The functions of a RAT can vary, depending on the needs of the attacker. This program has a “backdoor” function, allowing the intruder to bypass security. The author of this pest is a hacker called Psyon. The RAT was written in the Visual C++ programming language. Several variants (Moses 1.1.5 b, Moses 1.1.5 d, Moses 1.10c, Moses 2.01) appeared from July 2000 to October 2003.
From the publisher:
“Moses – Remote Admin Tool By Psyon for MoDeM
DISCLAIMER: This software is intended for legitimate remote administration needs. It is provided as is, without any support from. MoDeM is not now and will not ever be responsible for any uses of the software.
CONFIGURATION Use the configuration tool config.exe in the zip file. It should be pretty self-explanatory. config.exe is a slimmed down version of the Bo2k Config tool. It works, that's all that matters.
2.0.1 BETA I added a file server, so that you can download files from the host easier. Also I fixed the MSGBOX code that was causing the software to stop if no one clicked OK.
1.1.5 BETA I changed the way that the USERHOST response was being handled. It was preventing the lookup of the host IP properly, so DOS consoles were not working right.
1.1.2 BETA I changed the ResolveHost() function. I'm pretty positive it was responsible for some errors I was encountering.
1.1.1 BETA Just a few small bug fixes.
1.1.0 BETA I changed the installation process. The old way was not working on all computers. The installer and Moses are actually separate programs now, but they run as one.
1.0.1 BETA I fixed a problem with the initial setup not running on all computers. Also fixed a problem with Moses not connecting to IRC when it did run.
1.0.0 BETA This is the initial release of Moses. It is not very complete. It does have some useful features in it, like the console. Check it out.
All commands are given by messaging the bot. If you are familiar with IRC then you know what this means, if then stop reading and delete moses! Commands are as follows:
COMMAND – Sends raw IRC commands to the server. USAGE: COMMAND ex: COMMAND PRIVMSG #Moses :Command used!
CONSOLE – Gives you a DOS prompt in a DCC window. This function is extremely buggy and may not work on all computers. I'm looking into fixing it. USAGE: CONSOLE
EXECUTE – Executes a specified program or file. USAGE: EXECUTE ex: EXECUTE c:\windows\notepad.exe
HELP – Lists all currently available commands. USAGE: HELP
MSGBOX – Shows a message box on the remote machine. USAGE: MSGBOX ex: MSGBOX Sorry, you are about to be rebooted
QUIT – Makes the bot quit IRC and reconnect. USAGE: QUIT [message] ex: QUIT quit requested from Admin
REBOOT – Reboots remote computer. USAGE: REBOOT
SEND – Sends a series of files matching a mask via DCC. It will send one at a time. USAGE: SEND ex: SEND c:\windows\*.exe
SERVER – Makes the bot switch IRC servers. USAGE: SERVER
VERSION – Returns current version of Moses. USAGE: VERSION”
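For detection, the command list above can be matched against captured cleartext IRC traffic. The following is an added example, not part of the Moses readme or of the original page; it assumes one raw IRC protocol line per list item, and the function names, the distinct-verb threshold and the sample nicks and addresses are hypothetical.

```python
from collections import defaultdict

# Command verbs listed in the Moses readme quoted above.
MOSES_VERBS = {"COMMAND", "CONSOLE", "EXECUTE", "HELP", "MSGBOX",
               "QUIT", "REBOOT", "SEND", "SERVER", "VERSION"}

def parse_irc(line):
    """Split one raw IRC line into (prefix, command, params), or None if empty."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return None
    return prefix, parts[0].upper(), parts[1:] + ([trailing] if sep else [])

def moses_suspects(lines, min_verbs=2):
    """Map each nick that privately received >= min_verbs distinct verbs to them.

    Assumption: the verb is the first word of the message, matched
    case-insensitively. HELP, QUIT or SEND alone are ordinary chat,
    hence the distinct-verb threshold.
    """
    seen = defaultdict(set)
    for raw in lines:
        msg = parse_irc(raw)
        if msg is None or msg[1] != "PRIVMSG" or len(msg[2]) < 2:
            continue
        target, text = msg[2][0], msg[2][-1]
        if target.startswith(("#", "&")):  # channel talk, not a message to a bot
            continue
        words = text.split()
        if words and words[0].upper() in MOSES_VERBS:
            seen[target].add(words[0].upper())
    return {nick: sorted(v) for nick, v in seen.items() if len(v) >= min_verbs}

# Constructed sample traffic (nicks and addresses are made up).
SAMPLE = [
    ":op!u@198.51.100.7 PRIVMSG pc-4412 :VERSION",
    ":op!u@198.51.100.7 PRIVMSG pc-4412 :EXECUTE c:\\windows\\notepad.exe",
    ":op!u@198.51.100.7 PRIVMSG pc-4412 :MSGBOX Sorry, you are about to be rebooted",
    ":alice!a@192.0.2.10 PRIVMSG bob :help me with this config?",
    ":alice!a@192.0.2.10 PRIVMSG bob :\x01VERSION\x01",   # ordinary CTCP query
    ":carol!c@192.0.2.11 PRIVMSG #Moses :EXECUTE is a command in the readme",
    "PING :irc.example.net",
]
```

Calling `moses_suspects(SAMPLE)` flags only `pc-4412`; lowering `min_verbs` to 1 also flags `bob` on the single word "help", which is why the threshold exists.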
Moses manual removal: