Remote Dark Trojan 1.0

Remote Dark Trojan 1.0
(Backdoor.Win32.VB.all for Client)
(Backdoor.Win32.VB.aqx for Server)
(Trojan.Win32.Genome.auzp for Dark Collector.exe)

by Canadian Spike

Written in Visual Basic

Released in January 2004

Error Box by Server




Server:
dropped file:
c:\WINDOWS\SYSTEM32\Winzip32.EXE 

size: 87.040 bytes 

port: 4433 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WINZIP32"
data: C:\WINDOWS\SYSTEM32\WINZIP32.exe  



tested on Windows 98
May 10, 2005

MegaSecurity