"webmoney" trojan and COM interface analysis

[Pierre Vandevenne <pierre () datarescue com>]

Hello incidents,

  We have analyzed a trojan that was spammed on us early this week.
Not really a big news in itself as similar beasts are seen on a
regular basis but since COM based hostile code is notoriously hard to
analyze statically, we have published some details that could help
other analysts facing similar trojans

  www.datarescue.com/idabase/greetings is the place. We have put a
basic text description of the trojan and documented our in-depth
analysis with a couple of IDA databases and their equivalent listings
in pure text mode.

-- 
Best regards,
Pierre                          mailto:pierre () datarescue com
www.datarescue.com/idabase - home of the IDA Pro Disassembler
IDA Pro: the undisputed leader in hostile code analysis


----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>