ALIASES:

Backdoor.Win32.ServU-based (Kaspersky); Win32/ServU-Daemon (ESET-NOD32)

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW

This hacking tool may arrive bundled with malware packages as a malware component. It may be manually installed by a user.

  TECHNICAL DETAILS

Tamaño del archivo 607,744 bytes
Tipo de archivo EXE
Residente en memoria Yes
Fecha de recepción de las muestras iniciales 13 Nov 2013

Arrival Details

This hacking tool may arrive bundled with malware packages as a malware component.

It may be manually installed by a user.

Installation

This hacking tool drops the following component file(s):

  • {current path}\SERV-U.INI
  • {current path}\IPSERVU.TXT

Other System Modifications

This hacking tool creates the following registry entry(ies) to bypass Windows Firewall:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{malware path and filename} = "{malware path and filename}:*:{malware filename}"

NOTES:

This hacking tool may be used to setup an FTP server that allows a remote user to upload and download files from affected machines.