Messiah 2.0
(Backdoor.Win32.VB.gen for Server)
(Backdoor.Win32.VB.ys for Client)

by Splinter

Written in Visual Basic

Released in August 2004

more versions 




Server:
size: 201.086 bytes

port: 876, 1216, 958 TCP 

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: c:\windows\system\Updates.exe /
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: c:\windows\system32\Updates.exe / 

tested on win2000




on win98:
dropped files:
c:\WINDOWS\Updates.exe          size: 201.086 bytes 
c:\WINDOWS\SYSTEM\Cur.cur       size: 2.240 bytes 
c:\WINDOWS\SYSTEM\Updates.exe   size: 201.086 bytes 
c:\WINDOWS\SYSTEM32\Updates.exe size: 201.086 bytes 

deleted file:
c:\WINDOWS\COMMAND.COM
c:\WINDOWS\REGEDIT.EXE

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: c:\windows\system\Updates.exe /
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: c:\windows\system32\Updates.exe /
MegaSecurity