NetSnooper GOLD 1.6.0
(Trojan.Win32.Genome.ild)

by Don Reid

Created in 1998

According to LockDown Corp: The program shown above is called Netsnooper Gold v1.6 and is used to scan for default trojan ports and find infected machines. A great type of program for this type of trojan attack because it is opening many ports. Once the program is started, it will start opening ports and making connections to computers. If someone tries to keep up with the many connections that it was making and ports that it was opening, it would be almost impossible to keep track of them all. The person that programmed this port scanner had this in mind when he put a timer on his listening port. After about a minute of the program being open will open port 6701 and listen on it for any connections to be made. Anyone that starts the program and starts to use it would easily miss this port being opened. After the port is opened the Netsnooper Gold program will send out two ICQ notify messages that contain ICQ password and UIN information including the local IP address of the person using the Netsnooper program. The author now has all of the information needed to connect to your machine and start uploading or downloading files.


port: 6701 TCP

Added:
c:\WINDOWS\NETSNOOP.INI 

MegaSecurity