A ASP Trojan, using cookie, doing a log that does not have GET generated. User verification use sessions Whether it is used for black and white is also safe
http://www.xfocus.net/tools/200408/nbsi2.rar