Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Trojen and Session?

Hi

i have to know how the Trojen move between PCs?is there via sharefolders or or unitiate a TCP Session(if via a tcp seesion how can i know?),how can i know about these Things any

  • Other Network Infrastructure Subjects
1 REPLY
Silver

Re: Trojen and Session?

When the Trojan attachment is opened, it downloads a copy of the email worm component. The email component is encrypted. It drops and installs wincom32.sys, which loads and infects a dll into the memory process of services.exe. The dll contains the capability to scan various UDP ports to create a peer-to-peer (P2P) network with other infected computers for the purpose of downloading and updating. The P2P network can then be used by a malicious user to retrieve information on what files to download and execute. It also retrieves information of additional peers and updates its own peer list file with the gathered information

258
Views
0
Helpful
1
Replies