Netbot Attacker 1.6
(Worm.Win32.AutoRun.ju)

by Warning Security Team

Released in November 2007

Made in China

more versions




Server
Dropped File:
c:\WINDOWS\system32\drivers\svchost.exe
Size: 10,641 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv "ImagePath"
Old data: %systemroot%\system32\svchost.exe -k netsvcs 
New data: %SystemRoot%\system32\drivers\svchost.exe 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv "ImagePath"
Old data: %systemroot%\system32\svchost.exe -k netsvcs 
New data: %SystemRoot%\system32\drivers\svchost.exe 



Tested on Windows XP
December 27, 2007

MegaSecurity