ABSTRACT

Executive Summary

iDefense first reported the Laqma Trojan horse on July 17, 2007, as a LOW-severity malicious code first reported by Sophos PLC (ID# 462657). The Trojan seems unremarkable except for the use of a rootkit. With potentially millions of samples of malicious code per year being shared within the industry, a Trojan such as this never stands out. Last week, a customer submitted a piece of code used in a semitargeted attack. Analysis from the iDefense custom analysis system and an additional sandbox test failed to yield any noteworthy results. This chapter will focus on the back-end portion of the Trojan.