DarkNet

DarkNet
(Not detected by KAV on February 16, 2008)

by ?

Client written in Visual Basic, Server in Assembler. Source included

Released in June 2007


Server
Dropped Files:
c:\WINDOWS\MSN-update.exe             Size: 7,168 bytes 
c:\WINDOWS\system32\w32mslsass.exe    Size: 7,168 bytes 

Startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MICROSOFT LSASS SERVICE"
Data: C:\WINDOWS\System32\w32mslsass.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MSN AUTOUPDATE"
Data: C:\WINDOWS\MSN-update.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MSN MESSENGER"
Data: msnmsgr.exe 

Tested on Windows XP
February 16, 2008

MegaSecurity