by Splinter
Written in Visual Basic
Released in November 2004
Server: dropped files: c:\WINDOWS\Update.exe size: 240.046 bytes c:\WINDOWS\system\Cur.cur size: 2.240 bytes c:\WINDOWS\system\Update.exe size: 240.046 bytes c:\WINDOWS\system32\Update.exe size: 240.046 bytes port: 876, 1216, 958 TCP startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Update" data: c:\windows\system\Update.exe / HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update" data: c:\windows\system32\Update.exe / tested on Windows XP November 12, 2004MegaSecurity