Troj/Bdoor-IU is a backdoor Trojan for the Windows platform.
When first run Troj/Bdoor-IU copies itself to <Windows>\lsass.exe. The Trojan
will then report infection and download commands from predefined URLs.
The Trojan has the following functionality:
download & execute files
move/copy files on infected computer
send files from infected computer
search for files on infected computer
delete files from infected computer
terminate processed on infected computer
log activity on infected computer
One or more of the following registry entries will be created to run lsass.exe on
startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe <Windows>\lsass.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogService
<Windows>\lsass.exe