MSRT January ‘11: Win32/Lethic

Win32/Lethic is a trojan that communicates with a remote server to distribute spam. Variants of Lethic install executable files with varied file names such as “shelldm.exe” or “xcllsx.exe”. The malware loads as a process when Windows starts. The trojan establishes a connection to remote servers using varied TCP ports, such as 1430, 8900, 8090 and…

0