Summary

Master's Paradise is not a virus or a trojan. Actually things like NetBus, Back Orifice, Deep Throat, Master's Paradise and Hacker's Paradise are called 'backdoors' or hacker's remote access tools. These tools being purposely or unintentionally installed on any computer provide hidden access to this computer for hackers - i.e. open a 'backdoor' in remote computer system. These tools are quite widespread and used frequently to steal data and delete files on peoples machines.

Additional Details

Master's Paradise has client and server parts. The server part has to be installed on remote system to provide access to it. Originally Master's Paradise was spread with the game called 'Pie Bill Gates'. When user runs the game (that was actually a self-extracting archive), the server part of Master's Paradise is installed on his system. Two files are copied to \Windows\ directory: SysEdit.EXE and KeyHook.DLL. Execution of SysEdit.EXE is added to Windows registry to the following key:

 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

With these settings the server part of Master's Paradise will be launched each time Windows starts and will keep listening to certain TCP/IP ports for commands from client part. The client part allows a hacker to control remote computer system where the server part is installed and activated. The client part has dialog interface which makes it easier to manipulate remote system objects.

Capabilities of Master's Paradise and Hacker's Paradise include:

 1. Access to all media available on target computer
 2. Sending, receiving and deleting files
 3. Creating and deleting folders
 4. Sending and receiving keystrokes, blocking keyboard access
 5. Sending messages and receiving answers from user
 6. Controlling any application windows and all their components
 7. Highlithing application windows (yellow flash)
 8. Receiving screendump in multiple resolutions (can be saved to file)
 9. Total or partial control over mouse in Full-Screen Control mode
 10. Controlling server part: enabling, disabling, setting password, info
 11. Restarting computer
 12. Getting RAS information: provider, user name and password
 13. Batch processing for automatic poll data from remote computers

Master's Paradise has some addons (depending on its version) - DNS Master, IP Master, Ping Bomber and Port Scanner. German and English interfaces are available.

Master's Paradise was created by Dan Lehmann from Munich Brain House, one of German's hacker groups.

Hacker's Paradise backdoor is a variant of Master's Paradise but it is lacking some bugs and is using different TCP/IP ports.

[Analysis: Alexey Podrezov, F-Secure]