Winicabras 1.1

Winicabras 1.1
(Backdoor.Win32.Servidor.f)

by DarkiD

Written in Visual Basic

Released in January 2004

Made in Mexico




Server:
dropped files:
c:\WINNT\system\FOTOSNuevas.BMP.exe  size: 143,360 bytes 
c:\WINNT\system\wrundll2.exe         size: 143,360 bytes

port: 23, 3132, 7778, 8966, 12667 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update"
data: C:\WINNT\system\wrundll2.exe

tested on win2000

MegaSecurity