search
close

HKTL_SERVU

November 15, 2013
 ALIASES:

Backdoor.Win32.ServU-based (Kaspersky); Win32/ServU-Daemon (ESET-NOD32)

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW


This hacking tool may arrive bundled with malware packages as a malware component. It may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

607,744 bytes

File Type:

EXE

Memory Resident:

Yes

Initial Samples Received Date:

13 Nov 2013

Arrival Details

This hacking tool may arrive bundled with malware packages as a malware component.

It may be manually installed by a user.

Installation

This hacking tool drops the following component file(s):

  • {current path}\SERV-U.INI
  • {current path}\IPSERVU.TXT

Other System Modifications

This hacking tool creates the following registry entry(ies) to bypass Windows Firewall:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{malware path and filename} = "{malware path and filename}:*:{malware filename}"

NOTES:

This hacking tool may be used to setup an FTP server that allows a remote user to upload and download files from affected machines.