The Unexplained 1.0
(Backdoor.Win32.Unexplained)

by Darkstar

Written in Visual Basic

Released in May 1999



The Unexplained facts:

 - It has 5 functions:
    - Ping
    - Execute
    - Delete
    - Upload
    - Reboot
 - Server size is 12,5 KBs / 12.800 bytes (ASPacked)
 - Written in VB5
 - Entire Source Code is released
 - Trojan is entirely UDP based, including the file transfer
   (sends one chunk, waits for reply, then sends another, and so on...).
   I chose UDP so it wouldn't show up in netstat.
   (UDP = bad for large files)
 

Release date: 22nd of May 1999

Darkstar


Server: 
dropped files:

port: 29891 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "InetB00st"
data: %trojanpath%\Theunexplained1.0Inetb00st.EXE 


tested on Windows XP
February 14, 2005

MegaSecurity