Trojan and Session?

Unanswered Question
umedryk Fri, 11/16/2007 - 06:30

When the Trojan attachment is opened, it downloads a copy of the email worm component. The email component is encrypted. It drops and installs wincom32.sys, which loads and infects a DLL into the memory process of services.exe. The DLL contains the capability to scan various UDP ports to create a peer-to-peer (P2P) network with other infected computers for the purpose of downloading and updating. The P2P network can then be used by a malicious user to retrieve information on what files to download and execute. It also retrieves information about additional peers and updates its own peer list file with the gathered information.
