Threat Description

Master's Paradise

Details

Aliases:Master's Paradise, Backdoor.Krass , Hacker's Paradise
Category: Malware
Type:
Platform: W32

Summary



Master's Paradise is not a virus or a trojan. Actually things like NetBus, Back Orifice, Deep Throat, Master's Paradise and Hacker's Paradise are called 'backdoors' or hacker's remote access tools. These tools being purposely or unintentionally installed on any computer provide hidden access to this computer for hackers - i.e. open a 'backdoor' in remote computer system. These tools are quite widespread and used frequently to steal data and delete files on peoples machines.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Master's Paradise has client and server parts. The server part has to be installed on remote system to provide access to it. Originally Master's Paradise was spread with the game called 'Pie Bill Gates'. When user runs the game (that was actually a self-extracting archive), the server part of Master's Paradise is installed on his system. Two files are copied to \Windows\ directory: SysEdit.EXE and KeyHook.DLL. Execution of SysEdit.EXE is added to Windows registry to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

With these settings the server part of Master's Paradise will be launched each time Windows starts and will keep listening to certain TCP/IP ports for commands from client part. The client part allows a hacker to control remote computer system where the server part is installed and activated. The client part has dialog interface which makes it easier to manipulate remote system objects.

Capabilities of Master's Paradise and Hacker's Paradise include:

1. Access to all media available on target computer
 2. Sending, receiving and deleting files
 3. Creating and deleting folders
 4. Sending and receiving keystrokes, blocking keyboard access
 5. Sending messages and receiving answers from user
 6. Controlling any application windows and all their components
 7. Highlithing application windows (yellow flash)
 8. Receiving screendump in multiple resolutions (can be saved to file)
 9. Total or partial control over mouse in Full-Screen Control mode
 10. Controlling server part: enabling, disabling, setting password, info
 11. Restarting computer
 12. Getting RAS information: provider, user name and password
 13. Batch processing for automatic poll data from remote computers
 

Master's Paradise has some addons (depending on its version) - DNS Master, IP Master, Ping Bomber and Port Scanner. German and English interfaces are available.

Master's Paradise was created by Dan Lehmann from Munich Brain House, one of German's hacker groups.

Hacker's Paradise backdoor is a variant of Master's Paradise but it is lacking some bugs and is using different TCP/IP ports.





Technical Details: Alexey Podrezov, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More