Beast (Trojan horse)

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Beast" Trojan horse – news · newspapers · books · scholar · JSTOR (January 2016) (Learn how and when to remove this message)

Beast is a Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a "RAT". It is capable of infecting versions of Windows from 95 to XP.^[1] Written in Delphi and released first by its author Tataye in 2002,^[2] it became quite popular due to its unique features. It used the typical client–server model where the client would be under operation by the attacker and the server is what would infect the victim. Beast was one of the first trojans to feature a reverse connection to its victims, and once established it gave the attacker complete control over the infected computer.^[2][3] The virus would be harmless until opened. When opened, the virus would use the code injection method to inject itself into other applications.^[4]

On a machine running Windows XP, removal of three files (“explorer.exe” (Windows Explorer), “iexplore.exe” (Internet Explorer), or “msnmsgr.exe” (MSN Messenger)) in safe mode with system restore turned off would disinfect the system.^[5]

This article possibly contains original research. Please improve it by verifying the claims made and adding inline citations. Statements consisting only of original research should be removed. (January 2016) (Learn how and when to remove this message)

The default ports used for the direct and reverse connections were 6666 and 9999 respectively, though the attacker had the option of changing these. Beast came with a built-in firewall bypasser and had the ability of terminating some Anti-Virus or firewall processes. It also came with a file binder that could be used to join two or more files together into one executable.

• ILOVEYOU
• List of computer viruses