Trojan Picks Up Steam, Baffles Experts

Written By Dennis Fisher
Jun 18, 2003

A new Trojan that has been making its way around the Internet in recent weeks continues to baffle security experts, who have been unable to get a good handle on its behavior.

The Trojan apparently made its first appearance around May 16 and began randomly scanning Internet-connected machines. The scanning was slow at first but has begun to pick up speed in recent days as more machines have become infected. Researchers at Internet Security Systems Inc. in Atlanta were seeing nearly 3,000 scans an hour on Tuesday across the entire address space that the company monitors.

The Trojan scans random ports on random machines, each time sending an initial SYN packet. One of the few identifiable characteristics of the program is a window size of 55808 on each of the packets it transmits. It also spoofs the originating IP address on all of the packets, making them look as if they're coming from machines in unallocated name space.
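A detection check for the signature described above, written as an added example (not code from ISS or from the article): it parses raw IPv4/TCP headers and flags initial SYN packets whose window size is 55808. The sample packets are constructed using documentation address ranges, and all function names are hypothetical.

```python
import struct
from ipaddress import IPv4Address

PROBE_WINDOW = 55808          # window size the article reports on every packet
SYN, ACK = 0x02, 0x10         # TCP flag bits

def parse_ipv4_tcp(pkt):
    """Return (src, dst, dport, flags, window) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                               # not IPv4 or not TCP
    ihl = (pkt[0] & 0x0F) * 4                     # IP header length in bytes
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(pkt) < ihl + 20:
        return None                               # bad header, later fragment, or truncated
    dport, = struct.unpack("!H", pkt[ihl + 2:ihl + 4])
    window, = struct.unpack("!H", pkt[ihl + 14:ihl + 16])
    src, dst = IPv4Address(pkt[12:16]), IPv4Address(pkt[16:20])
    return str(src), str(dst), dport, pkt[ihl + 13], window

def is_55808_probe(pkt):
    """True for an initial SYN (SYN set, ACK clear) whose window is 55808."""
    f = parse_ipv4_tcp(pkt)
    return bool(f and f[3] & SYN and not f[3] & ACK and f[4] == PROBE_WINDOW)

def summarize(packets):
    """Count matching probes and collect the claimed sources and targeted ports."""
    hits = [parse_ipv4_tcp(p) for p in packets if is_55808_probe(p)]
    return {"hits": len(hits),
            "sources": sorted({h[0] for h in hits}),   # spoofed per the article: not attribution
            "dst_ports": sorted({h[2] for h in hits})}

def build_packet(src, dst, dport, flags, window, proto=6):
    """Construct a minimal test packet (checksums left zero; they are not validated here)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, window, 0, 0)
    return ip + tcp

# Constructed sample traffic (documentation address ranges), not captured data.
SAMPLES = [
    build_packet("198.51.100.7", "192.0.2.10", 6123, SYN, 55808),          # probe
    build_packet("203.0.113.99", "192.0.2.44", 80, SYN, 55808),            # probe
    build_packet("198.51.100.8", "192.0.2.10", 443, SYN, 65535),           # ordinary SYN
    build_packet("192.0.2.10", "198.51.100.8", 40000, SYN | ACK, 55808),   # reply, not initial SYN
    build_packet("198.51.100.9", "192.0.2.10", 53, SYN, 55808, proto=17),  # not TCP
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Window size alone is a weak signature, since any host can legitimately advertise 55808; treat matches as leads and correlate them with the random destination ports and unallocated source addresses the article describes.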

ISS has been tracking the Trojan for about a month and has yet to find a copy of its code or successfully trace it back to an infected machine. Other security vendors and officials at the Department of Homeland Security are also tracking the Trojan, all without any luck so far.

“We still don't have a good idea where it's going or if it's communicating with anyone,” said Pete Allor, manager of X-Force Threat Intelligence Services at ISS. “I don't want to say I'm close, but I'm closer than I was yesterday.”

Researchers have been frustrated by the Trojan's random behavior, which has helped it elude capture. One of the few nuggets of information that experts have at this point is that a portion of the hex code in the packets the Trojan sends contains the term “day 0.” In security circles, the phrase “zero day” is often used to describe attacks on vulnerabilities that have just been discovered.

Despite the problems tracking the Trojan so far, Allor believes it's only a matter of time before someone gets a handle on it. When he does find it, Allor is eager to peek into the Trojan's code and see what makes it tick.

“This is a new one. It piqued our curiosity really quick,” he said.
