K0bel 0.4

K0bel 0.4
(Backdoor.Win32.Tiny.o)
(Trojan-Dropper.Win32.Tiny.f)

by Ct757[TPOC]

Released in November 2005

Made in Russia


Server:
dropped file:
c:\WINDOWS\system32\shdll.dll
size: 3,584 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\shdll



tested on Windows XP
March 18, 2006

MegaSecurity