A new version of "The Beast", a Remote Administration Tool (aka backdoor), is believed to be in use on the net.
According to the help document, the author offers a "private" version of Beast 2.05. It is not released to the public, but instead is compiled specifically for the person who pays the author 120 euro. It is different from the public version, and this private version should not be picked up by signature-based antivirus software.
The default listen port is 6666 and the port for its outbound connections is 9999. The 'server' calls itself svchost.exe. It can be remotely controlled either in a listening mode or in a "reverse mode". In the reverse mode, once installed, it connects to a server. Many firewalls allow connections from inside the network outbound; in such a network "The Beast" can bypass the firewall by opening the outbound connection to its server.
New functions: It can do DLL injection of itself into Internet Explorer, Explorer or Notepad. This allows it to hide itself from a show process type
A good writeup on the new version can be viewed here
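A triage check built on the defaults given above, as an added example that is not part of the original diary: it scans `netstat -ano` output for a TCP listener on 6666 or an outbound connection to remote port 9999, and labels each hit with the owning image name. The netstat text, the PID-to-image map and the function name are constructed for illustration.

```python
import re

# Defaults stated in the diary.
BEAST_LISTEN_PORT = 6666
BEAST_REVERSE_PORT = 9999

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6666           0.0.0.0:0              LISTENING       1492
  TCP    192.0.2.10:1047        198.51.100.7:80        ESTABLISHED     1720
  TCP    192.0.2.10:1051        203.0.113.5:9999       ESTABLISHED     1720
  TCP    192.0.2.10:9999        198.51.100.9:3456      ESTABLISHED     2044
  UDP    0.0.0.0:6666           *:*                                    1100
"""

# Constructed PID -> image name map, as `tasklist` would provide.
SAMPLE_IMAGES = {884: "svchost.exe", 1492: "svchost.exe",
                 1720: "iexplore.exe", 2044: "app.exe"}

# The greedy \S+ backtracks to the last colon, so "[::]:6666" also parses.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def find_beast_sockets(netstat_text, images):
    """Return (reason, local, remote, pid, image) for rows on the default ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP or malformed row
        laddr, lport, raddr, rport, state, pid = m.groups()
        local, remote, pid = f"{laddr}:{lport}", f"{raddr}:{rport}", int(pid)
        image = images.get(pid, "unknown")
        if state == "LISTENING" and int(lport) == BEAST_LISTEN_PORT:
            hits.append(("listen", local, remote, pid, image))
        elif state in ("ESTABLISHED", "SYN_SENT") and int(rport) == BEAST_REVERSE_PORT:
            # Reverse mode: the infected host dials out, so match the REMOTE port.
            hits.append(("reverse", local, remote, pid, image))
    return hits


if __name__ == "__main__":
    for hit in find_beast_sockets(SAMPLE_NETSTAT, SAMPLE_IMAGES):
        print(hit)
```

Both ports are defaults, so a match is a lead to investigate and the absence of one rules nothing out.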
Dec 16th 2003