Update: I just spoke with Mike Wood, VP of Research at Lavasoft. This is not the same variant of the trojan as we found (they have also updated their database to the one we have been discussing). However, they have some really interesting data so we are hoping to collaborate.

Very interesting, a confirmation (finally) of the kind of stuff we found. Lavasoft just posted a research note on a trojan and a server which look very similar to the one we found. Good stuff and well done to these guys. We’re pinging Lavasoft (currently closed as they are in Sweden) to find out more. Different variant or the same one? We should hopefully know more soon.


Alex Eckelberry
