by Movsessian
Written in Visual Basic
Released in March 2007
Server
dropped files:
c:\Documents and Settings\%user%\Desktop\hello.exe
size: 704,512 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{101A4345-8D20-C293-0206-070000060105}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\x
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ctfmon.exe"
data: C:\Documents and Settings\%user%\Desktop\hello.exe
tested on Windows XP
March 28, 2007
MegaSecurity