Back Attack 1.3
(Backdoor.Win32.Delf.fh for Client)
(Server may be infected with Win32.FunLove.4070)

by CurrenTChaoSGroup

Written in Delphi, compressed with UPX

Released in February 2003

Made in Romania

more versions 


Client:
port: 1001 TCP



Server:
c:\WINDOWS\Check.exe 

size: 298.496 bytes 

port: 100, 101, 102, 103, 104, 143, 1533, 2299, 6213 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Registrychecker" 

added:
c:\WINDOWS\Matrix.scr
MegaSecurity