Remote Server Trojan 2.0

Remote Server Trojan 2.0
(Backdoor.Win32.RServer.b for Server)
(Backdoor.Win32.RServer.a)

by Onehalf

aka RServer

Written in Delphi

Released in March 2002

Made in Russia


Client:
port: 6767 TCP



Server:
dropped file:
c:\WINDOWS\nwbackup.exe 

size: 352.768 bytes 

port: 6000 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "NetBackup"

MegaSecurity