.:--==--==--==--==-->> Windows 95/98/NT Backdoor by Marc Satur9 <<==--==--==:.
::                                                                          ::
:: Windows 95/98/NT appears to be full of undocumented extras (efg). While  ::
:: running my BSD box on a windows' network, i noticed that all the remote  ::
:: administration was coming from a "user" called ADMIN$.                   ::
::                                                                          ::
:: I then experimented a little and found that sharing any folder as ADMIN$ ::
:: is the equivalent of enabling remote administration, only it's not that  ::
:: easy to find out if the box is "infected". You can share any folder, the ::
:: best results usually come from a subfolder deep within the "windows"     ::
:: directory, one that they won't look in. The only way the user is likely  ::
:: to detect he is "infected" is to run Netwatcher at the same time that you::
:: are accessing his box. >Editors Comments: Or by using the netstat program::
:: in his Windows Directory<                                                ::
::                                                                          ::
:: The only way he can "clean" it off is to enable and then disable remote  ::
:: administration. If you hide the shared folder well enough, you should    ::
:: not get caught at all - The shared folder will also not show as a share  ::
:: in Netwatcher if it is named ADMIN$ and somewhere within the Windows     ::
:: directory.                                                               ::
::                                                                          ::
:: >Editors Comments: If there is any demand for it, the SoS would be happy ::
:: to write a program to install this backdoor on a host. Of course, we     ::
:: won't bother if nobody asks<                                             ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'