.: Bmail (b) :.
- Coded by: ?
- Version: Bmail (b)
- Coded in: Microsoft Visual C++
- Family: Bmail
- Category: Remote Access
- Dropped file: c:\WINDOWS\system32\hom1.txt
- Port: 5153 TCP
- Added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "setFTPBack", data: C:\WINDOWS\System32\createsw.exe
- Attempts to connect to an FTP server
- Explorer start page is altered to "--/URL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\--"
- Tested on: Windows XP

November 16, 2005