Ontarget 1.2.1
(Backdoor.Win32.Ontarg)
(not-a-virus:RemoteAdmin.Win32.WinVNC-based.b)
(not-a-virus:PSWTool.Win32.PassViewer)

by Ontarget

Written in Visual Basic, based on source of VNC

Released in August 2003

Made in Colombia

more versions


Server:
dropped files:
size: c:\WINDOWS\lsass.exe              size: 249.856 bytes
c:\WINDOWS\ISS.set 
c:\WINDOWS\lsass.exe 
c:\WINDOWS\MicrosotfDirectx.txt 
c:\WINDOWS\Desktop\Huevocartoon.lnk 
c:\WINDOWS\SYSTEM32\wbem\pluscold.exe 
c:\WINDOWS\SYSTEM32\wbem\plushot.exe 
c:\WINDOWS\SYSTEM32\wbem\secrcw32.exe 
c:\WINDOWS\SYSTEM32\wbem\trnsprov.swf 
c:\WINDOWS\SYSTEM32\wbem\tscfgwmi.swf 
 
port: 2000, 5555, 5800, 5900, 9908, 9909 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Explorer" 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 

MegaSecurity