Written in Visual Basic, server compressed with UPX

Released in December 2003

Fake Client:
registry added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinAgent"



Server:
dropped file:
c:\WINDOWS\SYSTEM\mmtask0.exe 
size: 66.048 bytes

startup;
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "mmtask0"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinAgent"