Messiah 4.0
(Backdoor.Win32.VB.aal for Client)
(Backdoor.Win32.VB.aap for Server)

by Splinter

Written in Visual Basic

Released in January 2005

more versions 




Server:
dropped files:
c:\WINDOWS\Update.exe           size: 228,177 bytes 
c:\WINDOWS\system\Cur.cur       size: 2,240 bytes 
c:\WINDOWS\system\Update.exe    size: 228,177 bytes 
c:\WINDOWS\system32\Update.exe  size: 228,177 bytes 

port: 7080, 4509  TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update"
data: c:\windows\system32\Update.exe / 



tested on Windows XP
January 31, 2005
MegaSecurity