MoSucker ErEbuS Server
(Backdoor.Win32.MoSucker.20.a)

by Krusty
Modified by ErEbuS

Released in December 2001


Ive packadged the mosucker trojan into a new trojan installer that compresses the file differently.
This also installs the visual basic 6.0 runtimes with it.
Copies file to system directory quietly and runs mosucker.
Ofcourse, after it runs the mosucker server, the antivirus will pick it up.
I leave this problem to you.
 
These are the attached server's settings:
port: 1037 (default)
filename: wsvchost.exe
deny local connections
events: deleting/restoring of netstat and kills the threads of avs/fw
melts the install

ErEbuS 




Server: 
C:\WINDOWS\SYSTEM\SVR.EXE
C:\WINDOWS\WSVCHOST.EXE

port: 1026, 1037 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BEUICVQ-ZPDEV-ZYK-OSWOZ-IPCJBGEKJHF}\ StubPath=WSVCHOST.exe 4337

added file:
C:\WINDOWS\WINSTART.BAT

MegaSecurity