by Akosch
Remote Desktop
Written in Delphi, source included
Released in June 2003
Made in Germany
Server:
dropped file:
c:\WINDOWS\Desktop.exe
size: 586.752 bytes
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Desktop"
added:
c:\WINDOWS\desktop.jpg
remark:
Method used:
Microsoft Internet Explorer (unpatched) contains a vulnerability that can allow script code
within an HTML document to run an embedded executable file. Since the file is an HTML file,
Internet Explorer will open and parse the file. When the script that points back
to the embedded executable is parsed, the embedded executable will run on the client
system in the security context of Internet Explorer.
(SecurityFocus)
MegaSecurity