Ursus 1.0
(Backdoor.Win32.Ursus)

by icyfox

Weitten in ASM, source included

Released in January 2004

Made in China


dropped file:
c:\WINDOWS\SYSTEM\con..exe 
size: 3.072 bytes 

port: 80 UDP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "(Default)"
data: C:\WINDOWS\System32:con..exe 




tested on Windows 98
March 14, 2005
MegaSecurity