Traitor21 1.0
(Backdoor.Win32.Traitor)

By Liquid

Compressed with UPX

Released in May 2000


 Traitor21 is a nice trojan i once wrote when i was bored. When you run
  it it will run completely invisible in the background. You can also rename
  the windll32.exe before running it. It is invisible in the alt+tab list and 
  in the ctrl+alt+del list.
  

  The file will copy itself to the windows\system directory and add an
  entry to the registry so that it is always started at system startup. Then
  the original exe that you started from anywhere on that computer will delete
  itself. The computer is infected now.


  This trojan makes the computer it is running on an ftp server. You can use
  any ftp client to connect to the computer on port 21. You can use any username
  and password you like. When you are connected you will see an info line saying
  "traitor:21 server ready". Now you have full access to all files on the disk.


  If you find bugs or whish to give me credits send them to [email protected]
  Enjoy


  - Liquid


Server:
C:\WINDOWS\SYSTEM\WINDLL32.EXE

size: 276.480 bytes

Port: 21 TCP

Startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

MegaSecurity