ALIASES:

Backdoor.Win32.ServU-based (Kaspersky); Win32/ServU-Daemon (ESET-NOD32)

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW

This hacking tool may arrive bundled with malware packages as a malware component. It may be manually installed by a user.

  TECHNICAL DETAILS

File Size: 607,744 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 13 Nov 2013

Arrival Details

This hacking tool may arrive bundled with malware packages as a malware component.

It may be manually installed by a user.

Installation

This hacking tool drops the following component file(s):

  • {current path}\SERV-U.INI
  • {current path}\IPSERVU.TXT

Other System Modifications

This hacking tool creates the following registry entry(ies) to bypass Windows Firewall:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{malware path and filename} = "{malware path and filename}:*:{malware filename}"

NOTES:

This hacking tool may be used to setup an FTP server that allows a remote user to upload and download files from affected machines.