7 April 2002: M suggests comparing AntiSec to the "Optix Lite Trojan," described here:

http://www.diamondcs.com.au/web/alerts/optixlite.htm

7 April 2002

Related files on Codex Data Systems spying programs: http://cryptome.org/dirt-files.htm


Anonymous has provided a copy of AntiSec, a program by Codex Data Systems -- producer of criminal spying software DIRT, HOPE and TOAST -- which disarms firewall and similar anti-intrusion programs while leaving the programs' icons in place as if protection was in force, thus allowing snooping programs access to computers without the owners knowing. Here is Codex's description of the product:

What about Firewalls?
We have taken intelligence gathering to a new level with the introduction of AntiSec™

AntiSec™ is an Anti-Firewall application
AntiSec™ searches for all known firewalls
AntiSec™ kills the running process
AntiSec™ replaces the running icon seamlessly
AntiSec™ allows stealth FTP connection
AntiSec™ effectively kills target's security

[Firewall icons shown:]

Boshield.ico
Esafe.ico
cyberwall.ico
Atguard1.ico
Blackice.ico
zonealarm.ico
lockdown2000.ico
neverhack.ico
Jammer1.ico
eTrust Intrusion Detection.ico

Release Date - 2nd Quarter 2001 as FREE upgrade

Anonymous provides this caution about AntiSec:

The AntiSec proof -- that is the code of the program that defies all current firewalls, etc. It was not included in the ordinary DIRT version but the new enhanced one (already in circulation) and the Invictus version (do not know whether this one actually exists -- because it is not supposed to be exported! I bet it does exist and it is far more powerful than the humble DIRT predecessor).

Anyway, attached is a proof (according to Codex Data Systems) that the AntiSec version exists. One should run the application on a PC (but don't do it unless you have a clue what could happen -- you could get bugged!). Enter the name of the running process like Netscape.exe. Now when you click on the file you will see Netscape close if it is open. So it will do that with all known firewalls and their respective icons. Consequently, the target "assumes" that his or her firewall is running but it is not!

Cryptome offers the program for research so that a defense against it may be devised and openly published. Installation should be carried out on an isolated machine to guard against the possibility of activating a covert bug which could send a signal to Codex. Beware that use of the program against other parties is surely illegal as with most of the criminal Codex products spyworld adores.
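An added example, not part of the original page and not Codex or Cryptome code: because the icon stays in place after the protection process is killed, a check has to read the process list rather than trust the tray. The code compares two snapshots in the CSV format produced by `tasklist /FO CSV /NH`; the monitored image names and both snapshots are constructed for illustration.

```python
import csv
import io

# Hypothetical image names of the protection software expected to be running.
MONITORED = {"fwagent.exe", "idsmon.exe"}

def parse_tasklist(csv_text):
    """Map lower-cased image name -> set of PIDs from `tasklist /FO CSV /NH` output."""
    procs = {}
    for row in csv.reader(io.StringIO(csv_text)):
        # Columns: Image Name, PID, Session Name, Session#, Mem Usage
        if len(row) >= 2 and row[1].strip().isdigit():
            procs.setdefault(row[0].strip().lower(), set()).add(int(row[1]))
    return procs

def audit(before_text, after_text, monitored=MONITORED):
    """Report monitored processes that vanished or restarted between two snapshots,
    plus image names that first appeared in the same interval (leads to review)."""
    before, after = parse_tasklist(before_text), parse_tasklist(after_text)
    findings = []
    for name in sorted(monitored):
        old, new = before.get(name, set()), after.get(name, set())
        if not new:
            findings.append(("MISSING", name))      # icon may remain, process does not
        elif old and not (old & new):
            findings.append(("RESTARTED", name))    # same name, entirely new PIDs
    if findings:
        for name in sorted(set(after) - set(before)):
            findings.append(("NEW_PROCESS", name))
    return findings

# Constructed snapshots (not captured from a real machine).
BEFORE = '''"System","4","Services","0","236 K"
"explorer.exe","1320","Console","1","41,200 K"
"fwagent.exe","1844","Console","1","12,004 K"
"idsmon.exe","1900","Services","0","8,112 K"
'''
AFTER = '''"System","4","Services","0","236 K"
"explorer.exe","1320","Console","1","41,200 K"
"idsmon.exe","2456","Services","0","8,090 K"
"updhelper.exe","2310","Console","1","3,012 K"
'''

if __name__ == "__main__":
    for kind, name in audit(BEFORE, AFTER):
        print(kind, name)
```

A check like this is only trustworthy when it runs outside the reach of whatever killed the process, for example from a separate monitoring host that collects the listings.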

AntiSec executable with this file, Zipped:

http://cryptome.org/dirty-antisec.zip (100KB)