Video Screencast Help
Security Response

“Storm Trojan” Illustrated

Created: 25 Jan 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:53:11 GMT
Dave Cole's picture
0 0 Votes
Login to vote

We’re happy to report that so far today, Peacomm and Mixor.Qactivity is lighter than the maelstrom of activity we’ve seen inprevious days. We’ve noted no new spam runs today, with the malwaresubmissions and activity levels tapering off a bit as well. Phew! OurSecurity Response team in Pune, India, has pulled together a slickFlash-based run through of the attack, which can be viewed using thefollowing URL:
http://www.symantec.com/content/en/us/home_homeoffice/media/flash/peacomm.html

Just a little more info on this threat you may have not heardbefore—it is communicating over peer-to-peer using the Overnet protocoland network (of eDonkey fame). After connecting to the network, thethreat then searches for some particular hashes (searches are done byhash, not by specific filename) and eventually it receives a reply thatincludes some 'meta tag' information. The meta tag information isencrypted and contains information on where/what to download (e.g.Mixor.Q, Trojan.Abwiz.F). You can stay up-to-date on the outbreak alertfor the Storm Trojan by visiting the Threat Advisory Center.