Aliases: Trojan-Dropper.Win32.ZomJoiner.13.a, Trojan-Dropper.Win32.ZomJoiner.13.b, Trojan-Dropper.Win32.ZomJoiner.14, Trojan-Dropper.Win32.ZomJoiner.23, Trojan-Dropper.Win32.ZomJoiner.a
Variants: Trj/W32.ZomJoiner, Troj/ZomJoiner-22, TrojanDropper.Win32.ZomJoiner.22, ZomJoiner.22 Trojan Dropper, TROJ_ZOMJOINER.22, Trojan-Dropper.Win32.ZomJoiner.22

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 17 Nov 2003
Damage: Low

Characteristics: The W32.Zomjoiner program is a Trojan Horse that opens ports 3410 and 1735 for listening. It attempts to end system processes, drops and executes Backdoor.OptixPro.13 files, and grants remote attackers full access to the infected system.

More details about W32.Zomjoiner

W32.Zomjoiner is a Trojan Dropper that is risky on system’s security. Infection of this type of Trojan may result to unstable system, to a point of system crash. By default, the Trojan opens ports 3410 and 1735 for listening. The W32.Zomjoiner contains malicious and/or potentially unwanted software which it drops and installs on the infected system. It installs backdoor that would allow remote access to the system, and then install further malicious software on the infected device without user permission. Not only it installs unwanted programs in the system, it also attempts to steal user information. The W32.Zomjoiner Trojan does not have the capability to self-replicate. They are often manually spread, under executable premise; however, having W32.Zomjoiner Trojan infection means that the system is already insecure.

When a computer has a W32.Zhosu@mm infection, it attempts to end several system processes such as NAVAPSVC.EXE, SMSS.EXE, NSPLUGIN.EXE etc., drops Backdoor.OptixPro.13 files, and then executes these files giving the remote attacker full access to the infected system, which causes for data loss or leaking of user’s private and personal details.The W32.Zhosu@mm program may be able to enter system’s protected by weak passwords. Most worm applications contain lists of commonly used names and passwords. A brute force attack may even be used to guess the log-in from random characters. System vulnerabilities can also be used to enter the computer.