be advised guys
This detection is for a remote access trojan whose server component is a worm, intended to propagate via two channels:
KaZaa P2P file-sharing networks (under various enticing filenames)
mIRC channels (as RealWayToHack.exe)
The worm terminates processes relating to a significant number of anti-virus and security products if they are running.
Once running on the victim machine, the worm opens a port (default = 31337, but this is configurable) which enables the hacker to connect (using the client component, described below). A public script library is used in order to send a notification to the hacker via HTTP. The notification contains the following information (obviously IP address and port number will vary):
Remote IP : A.B.C.D
Remote Port : 31337
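
A triage check for the default listener described above, as an added example that is not part of the original post or the vendor's description: it parses Windows `netstat -ano` output and reports listeners and established sessions on the watched local port, with the owning PID. The function name, the watched-port set and the sample output are assumptions made for illustration; because the port is configurable, an empty result does not clear a host.

```python
import re

# Default port from the description above. The worm's port is configurable,
# so treat a hit as a lead and a miss as inconclusive.
DEFAULT_PORTS = frozenset({31337})

# One TCP row of `netstat -ano`: proto, local addr:port, remote, state, PID.
# Handles IPv4 (0.0.0.0:31337) and bracketed IPv6 ([::]:31337) local addresses.
ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+):(?P<port>\d+)\s+(?P<remote>\S+)\s+"
    r"(?P<state>LISTENING|ESTABLISHED)\s+(?P<pid>\d+)\s*$"
)

def find_suspect_sockets(netstat_text, ports=DEFAULT_PORTS):
    """Return (state, local_addr, local_port, remote, pid) for watched ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, other TCP states
        port = int(m.group("port"))
        if port in ports:
            hits.append((m.group("state"), m.group("local"), port,
                         m.group("remote"), int(m.group("pid"))))
    return hits

# Constructed sample output (documentation addresses), not from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2204
  TCP    192.0.2.10:31337       198.51.100.7:4021      ESTABLISHED     2204
  TCP    192.0.2.10:49800       203.0.113.5:80         ESTABLISHED     1120
  TCP    [::]:31337             [::]:0                 LISTENING       2204
  UDP    0.0.0.0:31337          *:*                                    2204
"""

if __name__ == "__main__":
    for state, addr, port, remote, pid in find_suspect_sockets(SAMPLE):
        print(f"{state:<11} {addr}:{port}  peer={remote}  PID={pid}")
```

The PID in each hit can then be matched against the process list to identify the executable that owns the socket.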