Dec 21 2007

Damn Pigeons! 灰鸽子


    First, let me start you off with a little background on the Gray Pigeon Trojan here.  Great stuff, they even upset their own people enough to force them to stop production.  A good thing too because that program was turning up in a lot of government systems, like here for example.

   However, just like every '80s horror movie, the thing just refuses to die.  So the announcement posted on 2 Dec 07 (previous link removed, page taken down), saying they were making a comeback, didn’t come as too much of a shock.

   The old disbandment message dated 21 March 07 is still  on the front page of the Gray Pigeon website (why does the one pigeon look like a hummingbird…who knows.):

Gray Pigeon Trojan

   Just as promised, their fresh postings on 18 and 22 Nov 07 promise a revival of the site.   The posting on 22 Nov 07 could use some IT input on the screenshots.

Gray Pigeon Trojan

The text is too much for my Chinese but maybe some of you IT guys could provide some insight.


5 Responses to “Damn Pigeons! 灰鸽子”

  1. jumper on 21 Dec 2007 at 4:37 pm

    What the heck does (乳鸽) mean in a hacking context? I’ve been wondering for a while now. I see this all the time. Also, sometimes chicken (I think).

  2. Heike on 21 Dec 2007 at 6:48 pm


    You got me stumped there. Not a term I am familiar with. Since it literally means a baby pigeon, it might translate close to the same as 菜鸟, which is newbie. If you give me a sentence I can probably get you closer.

    You won the last “who is this” contest. However, today we are looking for “灰鸽子.” Good luck to all our contestants!

  3. jumper on 25 Dec 2007 at 8:23 pm


    The article is a discussion of the features of the trojan. It is a pretty typical remote access trojan. The images that show 1.exe open in notepad display the “MZ” header that identifies a file as a Windows portable executable. The notepad image also shows the QQ numbers that 1.exe pages when the user goes online. Interesting that the trojan wasn’t packed though. There are much better tools than notepad to find strings in a PE file though. Whatever works, I guess. 1.exe is almost certainly built with a tool that lets the user define what QQ numbers to page to, what ports to use and so on.

    I couldn’t get a lot of the images to load on the page and my 中文 isn’t good enough to make sense without the images. The online translators aren’t very good at translating these sites.

  4. Heike on 26 Dec 2007 at 7:03 pm


    Sorry, I missed your reply on this! Great input, glad you are on our side. Yeah, I couldn’t get some of the images to load either and it isn’t just your Chinese. Made my head hurt.

  5. [...]  The only problem is that these are fake solutions and they come bundled with malware such as the Gray Pigeon trojan designed to allow remote control of the [...]
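
The static check jumper describes in comment 3 (confirming the "MZ" header and pulling embedded strings such as QQ numbers out of an unpacked binary), as an added Python example that is not from the original post or its commenters. It goes a step further and also checks the PE signature that the DOS header points to; the sample bytes are constructed, and the 5 to 11 digit shape assumed for a QQ number is an assumption.

```python
import re
import struct

def is_pe(data: bytes) -> bool:
    """True if data starts with the DOS 'MZ' magic and e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def extract_strings(data: bytes, min_len: int = 5):
    """Printable ASCII and UTF-16LE runs, the same idea as the `strings` tool."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found

def candidate_qq_numbers(strings):
    """Digit runs of 5-11 digits with no leading zero (assumed QQ number shape)."""
    pat = re.compile(r"(?<!\d)[1-9]\d{4,10}(?!\d)")
    return sorted({n for s in strings for n in pat.findall(s)})

def build_sample() -> bytes:
    """Constructed buffer, not a real sample: DOS header, PE signature, config-like strings."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    body = (
        b"PE\0\0" + b"\x01\x02\x03"
        + b"notify_qq=123456789;port=8000"       # hypothetical ASCII config string
        + b"\xff\xfe"
        + "backup_qq=987654".encode("utf-16le")  # hypothetical wide-char string
        + b"\x00\x00"
    )
    return dos + body

if __name__ == "__main__":
    sample = build_sample()
    print("PE file:", is_pe(sample))
    strings = extract_strings(sample)
    for s in strings:
        print("string:", s)
    print("candidate QQ numbers:", candidate_qq_numbers(strings))
```

Digit runs this short also match ports, dates and version numbers, so treat hits as leads to check against the surrounding string, not as confirmed indicators.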