by Ali Moazemi
Released in January 2008
Made in Iran
Server

Dropped Files:
c:\WINDOWS\config.iss Size: 4 bytes
c:\WINDOWS\system\fileme.txt Size: 166 bytes
c:\WINDOWS\system\svshoct.exe Size: 135,523 bytes
c:\WINDOWS\system32\config.htm Size: 712 bytes
c:\WINDOWS\tools\svshost.exe Size: 135,523 bytes

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
Old data: Explorer.exe
New data: explorer.exe C:\WINDOWS\system\svshoct.exe

Tested on Windows XP
January 20, 2008
MegaSecurity