| Name: | Lithium |
| Aliases: | Backdoor.Lithium, BackDoor.YQ, |
| Ports: | 80, 1024, 31382, 31415, 31416, 31416 (UDP) |
| Files: | Lithium101.zip - Lithium101b.zip - Lithium1.0b5.zip - Lithium_v100b5-public.zip -V100-final.zip - V100b5-public.zip - V1.01uncompressed.zip - Multimedia.zip - Shell32.exe - Iexplorer.exe - Registry.exe - Events.lsf - Example.lsf - Kernel32.dll - Cli_capture.dll - Srv_capture.dll - Srv_funstuff.dll - |
| Created: | Dec 2001 |
| Requires: | Kernel32.dll, User32.dll, Advapi32.dll, Mpr.dll, Shell32.dll, Msvcrt.dll and Wsock32.dll - are required to run the trojan. |
| Actions: | Remote Access / Steals passwords / Network trojan / Downloading trojan |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ | |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ | |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\ | |
| Notes: | Works on Windows 95, 98, ME, 2000 and XP. Does NOT work on Windows NT. |
| Country: | |
| Program: | Server written in C++ and client in Delphi. |