Emerging P2P Trojan Botnet Uncovered

7:52 pm (UTC-7)   |   by Oscar Abendan (Technical Communications)

News of a new botnet has been circulating recently in the threat landscape. According to reports, several systems have been infected by TROJ_DLOADE.ATJ, which has been built to download and install other malware. The Trojan does not, however, seem to have any distributed denial-of-service (DDoS) capability.

This Trojan may be downloaded when users visit sites under the domain {BLOCKED}m.com or {BLOCKED}n.net, and it may download other malware from the same domain. Once installed, it attempts to connect to the command-and-control (C&C) server using TCP port 8090 to register itself and to wait for commands. It can also communicate with other bots via some kind of peer-to-peer (P2P) connection over ports 7000–7010. In addition, it connects to specific malicious sites, which are currently inaccessible.
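A detection sketch for the network behavior described above, added here as an example and not taken from the original post or from Trend Micro: it flags internal hosts that make an outbound TCP connection to port 8090 and also talk to several distinct peers on ports 7000–7010. The flow-record format, the sample lines, the `min_peers` threshold and the choice to match the P2P ports on any transport protocol (the post does not name one) are assumptions.

```python
from collections import defaultdict

C2_PORT = 8090                 # TCP port the post gives for C&C registration
P2P_PORTS = range(7000, 7011)  # 7000-7010 inclusive, per the post

# Constructed sample flow records: "timestamp src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.0.5 203.0.113.10 tcp 8090
2024-01-01T10:00:09 10.0.0.5 198.51.100.21 tcp 7003
2024-01-01T10:00:12 10.0.0.5 198.51.100.34 udp 7010
2024-01-01T10:01:00 10.0.0.8 203.0.113.50 tcp 8090
2024-01-01T10:01:30 10.0.0.9 198.51.100.77 tcp 7001
2024-01-01T10:02:00 10.0.0.9 192.0.2.4 tcp 443
malformed line
"""

def parse_flow(line):
    """Return (src, dst, proto, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    _, src, dst, proto, port = parts
    return src, dst, proto.lower(), int(port)

def suspect_hosts(flow_text, min_peers=2):
    """Hosts with outbound TCP/8090 AND >= min_peers distinct peers on 7000-7010."""
    c2_seen = set()            # sources that contacted TCP/8090
    peers = defaultdict(set)   # source -> distinct destinations on the P2P ports
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue           # skip records that do not parse
        src, dst, proto, port = rec
        if proto == "tcp" and port == C2_PORT:
            c2_seen.add(src)
        elif port in P2P_PORTS:
            peers[src].add(dst)
    # Either signal alone is weak, so require both before flagging a host.
    return sorted(h for h in c2_seen if len(peers[h]) >= min_peers)

if __name__ == "__main__":
    print(suspect_hosts(SAMPLE_FLOWS))
```

Ports 8090 and 7000–7010 are also used by legitimate software, which is why the check requires both patterns from the same host rather than alerting on either one.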

Read more at Trend Labs Malware Blog
