Winter Love 2.1
(Backdoor.Win32.WinterLove.j for Client)
(Backdoor.Win32.WinterLove.i for Server)

by plunix

Written in Microsoft Visual C++

Released in March 2005

Made in China

more versions


Winter Love 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 
Base config:
server port :           [ 3043 ]
server password :       [ plunix ]
password tips :         [ Need Password: ]
cmd message :           [ [plunix@root]# ]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
Service config:
service name :          [ MySrvShell ]
service displayname :   [ MySrvShell Service ]
service description :   [ Provide Windows CmdShell Class Service ]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 
Ftp service config:
ftp port :              [ 21 ]
ftp login name :        [ plunix ]
ftp login pass :        [ plunix ]
ftp path :              [ C:\MyFtp ]
                                           
plunix                                        


Server:
dropped file:
c:\WINNT\system32\server.exe
size: 46,608 bytes 

port: 3043 TCP

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MYSRVSHELL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySrvShell
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYSRVSHELL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MySrvShell



tested on Windows 2000
May 08, 2005
MegaSecurity