Combined Forces Beta

Combined Forces Beta
(Backdoor.Win32.VB.apy)
(Backdoor.Win32.VB.aoi)

by Dark#Basics, Cerberus, Mafia, Nabz

Written in Visual Basic

Released in November 2005


Server:
dropped files:
c:\Program Files\Internet ExplorerIE.ico                        Size: 9,664 bytes 
c:\Program Files\Internet ExplorerMSN.ico                       Size: 9,664 bytes 
c:\Program Files\Internet Explorerwinup.ico                     Size: 4,288 bytes 
c:\Program Files\Internet ExplorerWMP.ico                       Size: 9,664 bytes 
c:\Program Files\Internet Explorer\internetexplorer.exe         Size: 94,208 bytes 
c:\WINDOWS\system32\Microsoft\sysfils\syslogon\backup002.exe    Size: 94,208 bytes 
c:\WINDOWS\system32\Microsoft\sysfils\syslogon\Settings.ecu     Size: 19 bytes 
c:\WINDOWS\system32\sysemboot\IE.ico                            Size: 9,664 bytes 
c:\WINDOWS\system32\sysemboot\WINUP.ico                         Size: 4,288 bytes 
c:\WINDOWS\system32\sysemboot\bootbackup\plugins\guardplug.dll  Size: 114,688 bytes 

port: 8171 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msnmsgr"
data: C:\WINDOWS\system32\winupdate32.exe 

tested on Windows XP
November 30, 2005

MegaSecurity