Symantec Blogs: Security Response

Orla Cox | July 10th, 2009

We've been spending most of the past week pulling apart Trojan.Dozer in order to get a full understanding of what its purpose is. Its most publicized feature is the DDoS attacks it performs against a number of sites. But after some further research we've found other sinister features in the form of an old-school time bomb.

First of all, the Trojan checks whether the system time is after July 10th 2009 00:00:00. If it is, the threat begins its real mischief. It first searches for files with the following extensions:

.accdb
.alz
.asp
.aspx
.c
.cpp
.db
.dbf
.doc
.docm
.docx
.eml
.gho
.gul
.hna
.hwp
.java
.jsp
.kwp
.mdb
.pas
.pdf
.php
.ppt
.pptx
.pst
.rar
.rtf
.txt
.wpd...
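The two checks described above (the date trigger and the extension search) are easy to model, and doing so is useful for a responder: the date condition can be exercised against a forged clock instead of the real one, and an inventory of files can be reduced to the ones the threat's search would have matched. The following is an added example written for this post, not Symantec's code and not code from the Trojan. It takes the trigger time and the extension list from the post (the post's list is truncated after `.wpd`, so only the extensions actually shown are included); the case-insensitive comparison, the function names and the sample file paths are assumptions and constructed data.

```python
"""Added example (not Symantec's code): models the Trojan.Dozer
time-bomb trigger and extension filter described in the post so a
responder can (a) test the date condition against an arbitrary clock
instead of the real one and (b) enumerate which files on a host would
have matched the threat's extension search."""
import os
from datetime import datetime

# Trigger time stated in the post: the payload arms once the system
# clock is past 2009-07-10 00:00:00 (local system time).
TRIGGER_TIME = datetime(2009, 7, 10, 0, 0, 0)

# Extensions listed in the post. The post's list ends with ".wpd..." so it
# is truncated; only the extensions actually shown are included here.
TARGET_EXTENSIONS = frozenset({
    ".accdb", ".alz", ".asp", ".aspx", ".c", ".cpp", ".db", ".dbf",
    ".doc", ".docm", ".docx", ".eml", ".gho", ".gul", ".hna", ".hwp",
    ".java", ".jsp", ".kwp", ".mdb", ".pas", ".pdf", ".php", ".ppt",
    ".pptx", ".pst", ".rar", ".rtf", ".txt", ".wpd",
})


def trigger_reached(now):
    """True once the supplied clock value is strictly past the trigger time.

    Taking the clock as a parameter (instead of calling datetime.now())
    is what lets an analyst exercise the armed branch in a sandbox by
    supplying a forged date rather than waiting for the real one."""
    return now > TRIGGER_TIME


def is_targeted(path):
    """True if the file's extension is on the threat's list.

    Assumption: the match is case-insensitive, since Windows file
    systems are; the post does not say how the Trojan compares."""
    ext = os.path.splitext(path)[1].lower()
    return ext in TARGET_EXTENSIONS


def triage(paths, now):
    """Return the subset of paths the threat would act on at time `now`.

    Before the trigger time nothing is at risk from this component, so
    an empty list is returned regardless of extensions."""
    if not trigger_reached(now):
        return []
    return [p for p in paths if is_targeted(p)]


def scan_tree(root, now):
    """Walk a directory tree and return the files matching the targeted set."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            found.append(os.path.join(dirpath, name))
    return triage(found, now)


if __name__ == "__main__":
    # Constructed sample inventory, not data from the post.
    sample = [
        r"C:\Users\alice\Documents\report.DOCX",
        r"C:\Users\alice\Documents\notes.txt",
        r"C:\Windows\System32\kernel32.dll",
        r"C:\src\main.cpp",
        r"C:\backup\archive.tar.gz",
    ]
    # One minute before and one minute after the trigger: only the
    # second run reports anything.
    for when in (datetime(2009, 7, 9, 23, 59), datetime(2009, 7, 10, 0, 1)):
        print(when, "->", triage(sample, when))
```

`scan_tree` can be pointed at a real volume to produce the list of files that would have been in scope on an infected host, which is the kind of inventory an incident responder wants when deciding what to verify or restore from backup. Passing the clock explicitly rather than reading it inside `trigger_reached` is the same discipline that makes date-gated behaviour testable in a sandbox: the analyst controls the date, not the host.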