There's a new Trojan horse in town called Qaz.trojan (W32.HLLW.QAZ.A).
 This malicious code spreads within a network of shared computer systems,
 infecting the Notepad.exe file.
 Trojan horses are often not one but many smaller programs bundled together,
 and one malicious program particular to the Qaz.trojan will open port 7597,
 allowing a hacker to come along later and gain access to the infected computer.
 Qaz.trojan requires a user on an infected system to open the Notepad.exe file.
 Qaz.trojan ranks as a 5 on the ZDNet Virus Meter. 

 How It Works
 Although it may have originally spread as an e-mail,
 a download from a Web site, or through IRC chatrooms,
 Qaz.trojan now spreads within local-area networks.
 If the user of an infected system opens Notepad,
 the virusis run.
 Qaz.trojan will look for individual systems that share a networked drive,
 then seeks out the Windows folder and infects the Notepad.exe file on those systems.
 Qaz.trojan first renames Notepad.exe to Note.com then creates the virus-infected file Notepad.exe.
 This new Notepad.exe has a length of 120,320 bytes. 

Qaz.trojan rewrites the System Registry to load itself every time the computer is rebooted.
 Users monitoring their open ports may notice unusual traffic on TCP port 7597 if a hacker
 connects to the infected computer. 


Server:
size: 118 KB

port: 7597 TCP
              
startup: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run