The Trojan scans random ports on random machines, each time sending an initial SYN packet. One of the few identifiable characteristics of the program is a window size of 55808 on each of the packets it transmits. It also spoofs the . . .
The Trojan scans random ports on random machines, each time sending an initial SYN packet. One of the few identifiable characteristics of the program is a window size of 55808 on each of the packets it transmits. It also spoofs the originating IP address on all of the packets, making them look as if they're coming from machines in unallocated name space.

ISS has been tracking the Trojan for about a month and has yet to find a copy of its code or successfully trace it back to an infected machine. Other security vendors and officials at the Department of Homeland Security are also tracking the Trojan, all without any luck so far.

The link for this article located at eWeek is no longer available.