The commands are: "Alert" - Puts the server into active mode, speeding up communication. "RedAlert" - Even faster. "Standby" - Back to standby mode. "Stop" - Stops the server; it will restart with Windows again. "Run" - Executes the file specified in the next line. An absolute path is required. "Delete" - Deletes the file specified in the next line. "Dload" - Downloads the file specified in the next line using OpenURL. This does not require authentication, so you can download from anywhere. "FTPU" - Uploads the file specified in the next line to the webserver. This must be the one specified when you configured the server. "FTPD" - Downloads the file specified in the next line, with the name and path given in the second line. "DirMap" - Maps the drive or directory specified to the designated file. Will return subdirectories only, not files, and uploads the file automatically. "FileMap" - Returns the files and subfolders in the specified directory. Be careful not to map a huge disk or network in one go, it may take a long time. "LogOn" - Starts the keylogger. Will log until the logfile reaches the size specified in the next line, then uploads it. The keylogger is on by default. "LogStop" - Stops the keylogger and uploads the last file. The script can be uploaded through the editor - don't forget to configure it by FTPCfg -, but then you are only as safe as the website provider: your IP will be in his logs. (However, it's not very likely that a Norwegian victim could ever retrieve the logs of a Caribbean site.) To maximize your anonymity, create the script and upload it through FTP or web, using proxies. The editor uses C: as a temp storage. The Unit ID should be the bare UID, like U-015F.
Backdoor.Uboot.aBackdoor.Uboot.bBackdoor.Uboot.c