Universal1337 Trojan

http://www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html

Sig 2007967 covers the FTP upload; sig 2007968 covers email. For reference, here is the text of an upload, slightly obfuscated:


#########################################################
#########################################################
###########      Universal1337 Version 2      ###########
###########                                   ###########
###########             By Eddy-K             ###########
###########                                   ###########
#########################################################
#########################################################
 
 
 
 
/////////////////////////////////////////////////////
////////////           Steam           //////////////
/////////////////////////////////////////////////////
 
==================================================


==================================================
 
 
 
 
/////////////////////////////////////////////////////
////////////          Internet         //////////////
/////////////////////////////////////////////////////
 

 
 
 
 
/////////////////////////////////////////////////////
////////////         Messengers        //////////////
/////////////////////////////////////////////////////
 

 
 
 
 
/////////////////////////////////////////////////////
////////////        Produkt Keys       //////////////
/////////////////////////////////////////////////////
 
==================================================
Product Name      : Microsoft Windows XP
Product ID        : 5xxx4-640-1xxxx51-xxxx0
Product Key       : xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Computer Name     : BOB9
==================================================

==================================================
Product Name      : Internet Explorer
Product ID        : 5xxx4-640-1xxxx51-xxxx0
Product Key       : xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Computer Name     : xxxxx
==================================================


 
 
 
 
/////////////////////////////////////////////////////
/////////  http, https & Outlook Express  ///////////
/////////////////////////////////////////////////////
 
==================================================
Resource Name       : IdentitiesPass 
Resource Type       : Outlook Express Identity 
User Name/Value     : Main Identity 
Password            : 
==================================================


 
 
 
 
/////////////////////////////////////////////////////
/////////             PC Infos            ///////////
/////////////////////////////////////////////////////
 

x86 Family 6 Model 3 Stepping 3
 
Arbeitsspeicher: .xxx MB
Angemeldeter User: .xxxx
Computername: ..xxxx
IP-Adresse: ..192.168.xx.xx    
Betriebssystem: .Windows XP professional
Service-Pack: ..Service Pack 2
HOMEDRIVE=C:
 
 
 
 

-- MattJonkman - 10 Mar 2008
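
A triage helper for files recovered from an FTP drop or carved from a capture, as an added example that is not part of the original page: it recognises a report by the banner and section titles shown in the sample above and lists which sections carry data. The function name, the two-title threshold and the sample values are assumptions.

```python
import re

# Markers are the literal banner and section titles from the sample upload on this page.
BANNER = re.compile(r"^#+\s+Universal1337 Version (\d+)\s+#+\s*$", re.M)
TITLE = re.compile(r"^/{5,}[ \t]+(\S.*?)[ \t]+/{5,}[ \t]*$", re.M)
FIELD = re.compile(r"^([A-Za-z][A-Za-z /-]*?)[ \t]*:[ \t]*(.*?)[ \t]*$", re.M)
KNOWN = {"Steam", "Internet", "Messengers", "Produkt Keys",
         "http, https & Outlook Express", "PC Infos"}

def analyze_report(text):
    """Return None unless text looks like a Universal1337 report; else a triage summary."""
    text = text.replace("\r\n", "\n")
    banner = BANNER.search(text)
    titles = [m for m in TITLE.finditer(text) if m.group(1) in KNOWN]
    # Assumed threshold: banner plus at least two known titles, to limit false positives.
    if not banner or len(titles) < 2:
        return None
    summary = {"version": int(banner.group(1)), "sections": [], "populated": [], "fields": {}}
    for i, m in enumerate(titles):
        end = titles[i + 1].start() if i + 1 < len(titles) else len(text)
        pairs = [(k, v) for k, v in FIELD.findall(text[m.end():end]) if v]
        summary["sections"].append(m.group(1))
        if pairs:  # at least one "name : value" line with a non-empty value
            summary["populated"].append(m.group(1))
            summary["fields"][m.group(1)] = pairs
    return summary

# Constructed sample in the layout shown above; all values are placeholders.
SAMPLE = """\
###########      Universal1337 Version 2      ###########
/////////////////////////////////////////////////////
////////////           Steam           //////////////
/////////////////////////////////////////////////////
==================================================
==================================================
/////////////////////////////////////////////////////
////////////        Produkt Keys       //////////////
/////////////////////////////////////////////////////
Product Name      : Microsoft Windows XP
Computer Name     : EXAMPLE-PC
/////////////////////////////////////////////////////
/////////             PC Infos            ///////////
/////////////////////////////////////////////////////
Computername: ..EXAMPLE-PC
HOMEDRIVE=C:
"""

if __name__ == "__main__":
    print(analyze_report(SAMPLE))
```

The `populated` list shows which credential categories need resets for the affected host; sections that contain only separator lines are reported as present but empty.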

Topic revision: r2 - 2008-07-11 - MattJonkman
 