BlueAngel 0.1
(Backdoor.Win32.Blueang.a for Client)
(Backdoor.Win32.Blueang.b for Server)
(Backdoor.Win32.Blueang.c for netcfg.dll)

by leonshoh

Invisible Telnet server

Written in Visual C++

Released in September 2003

Made in China


Server:
dropped file:
c:\WINNT\system32\ntfrsprf.exe 

size: 23.646 bytes

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" 

added:
c:\WINNT\jveiw.exe 
c:\WINNT\system32\krnl.exe 
c:\WINNT\system32\msntc.exe 
c:\WINNT\system32\netcfg.dll 
c:\WINNT\system32\netlogin.dll 
c:\WINNT\system32\ntbackup.ocx 
c:\WINNT\system32\ntfrsprf.exe 
c:\WINNT\system32\ntkrnl.exe 
c:\WINNT\system32\script.dll 

remark:
tested on Windows 2000

MegaSecurity