Blackhole 2002 g & h

Blackhole 2002 g & h
(Backdoor.Singu.g for client)
(Backdoor.Singu.h for server)

by chengjingtao

Written in Delphi

Released in July 2002

Made in China


Server:
c:\WINDOWS\services.exe 

size: 218.258 bytes 

port: 2002 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "winlogon" 

registry added:
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings "EnableAutodisconnect" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodial" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings "

file added:
c:\WINDOWS\winservices.dll

MegaSecurity