sjdif.exe trojan

Posted by joy


Host: 66.194.6.79
Url: /sjdif.exe
Http Code : 403
Date: Jul 02 00:03:35
Http Version: HTTP/1.1
Size in Bytes: 1010
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312462)

This exploit appears to be new and to affect Windows machines running Internet Explorer. As of this writing, Google returned only a few hits for the sjdif.exe file. According to this Sophos information page, the sjdif.exe file is a downloading component of the Troj/Ovedil-B Trojan.

The interesting part is that a client browser was hitting my site, apparently searching for a copy of the sjdif.exe file, and the Sophos information page makes no mention of the infection being *spread* by client machines. Perhaps this is a new, distributed version of the trojan?

Update: An NTBugtraq message with details about the trojan.
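
One way to triage log records like the one above, as an added example that is not part of the original post: it parses the key/value record format shown and flags requests for an executable that arrive without a referer and get a 4xx response. The extension list, the function names, and every record except the first are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Extensions treated as executable payloads (assumption; extend as needed).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}

# First record uses fields from the post; the other two are constructed samples.
SAMPLE = """\
Host: 66.194.6.79
Url: /sjdif.exe
Http Code : 403
Date: Jul 02 00:03:35
Referer: -

Host: 192.0.2.10
Url: /downloads/setup.exe
Http Code : 200
Referer: http://example.org/downloads/

Host: 192.0.2.44
Url: /SJDIF.EXE?x=1
Http Code : 404
Referer: -
"""

def parse_records(text):
    """Split blank-line separated 'Key: value' blocks into dicts (keys lowercased)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        records.append({k.strip().lower(): v.strip() for k, sep, v in pairs if sep})
    return [r for r in records if r]

def is_payload_probe(rec):
    """True when an executable is requested with no referer and the reply is 4xx."""
    path = urlsplit(rec.get("url", "")).path.lower()
    ext = posixpath.splitext(path)[1]
    no_referer = rec.get("referer", "-") in ("", "-")
    return ext in EXEC_EXTS and no_referer and rec.get("http code", "")[:1] == "4"

def probes_by_file(records):
    """Map each probed file name to the number of distinct client hosts asking for it."""
    hosts = {}
    for rec in filter(is_payload_probe, records):
        name = posixpath.basename(urlsplit(rec["url"]).path).lower()
        hosts.setdefault(name, set()).add(rec.get("host", "?"))
    return {name: len(seen) for name, seen in hosts.items()}
```

A file name requested by several unrelated hosts, none of which followed a link to it, is the pattern worth comparing against vendor write-ups of the downloader.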


One Response to “sjdif.exe trojan”

  1. Amyr Lima Says:

    I think it’s time for me to build a ‘GREEK’, … I’m sure they will destroy all Trojans around. Cheers!