by Shukisnike
Written in Delphi, compressed with UPX
Released in August 2004
Client: port: 28888, 80 TCP Server: dropped files: c:\WINDOWS\SYSTEM\SP00LSV.EXE size: 28.160 bytes c:\WINDOWS\SYSTEM\WINL0G0N.EXE size: 28.160 bytes port: 8086, 8087, 25555, 2600, 1027, 23333 TCP startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WINLOGON" data: WINL0G0N.EXEMegaSecurity