NetMonitor 2.0 (build 90128)
(Not detected by AVP on October 25, 2004 for client for client)
(Backdoor.Netspy.20.c for server)

by Tiger Liu

aka NetSpy

Written in Microsoft Visual C++

Released in July 1999

Made in China

more versions


Server:
dropped file:
c:\WINNT\system32\netspy.exe
size: 131.072 bytes  
 
port: 7306 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "netspy"
data: netspy.exe 
 
tested on Windows 2000

MegaSecurity