The Atlanta-based security services firm SecureWorks discovered, by way of an inquiry from one of its Windows customers, what appears to be a very sophisticated Trojan horse program. Under intense analysis, the program was discovered to be attempting to deliver users’ certificates and other identifying data to a variety of IP addresses found to be hosted in Russia.

According to an in-depth SecureWorks report, the Trojan trips only a handful of anti-virus programs using heuristic analysis, including Sophos, Symantec, F-Prot, and CA’s VET. It slips by most other protection programs, and evidence trails uncovered by SecureWorks indicate that specifically targeted users may have been infected as far back as December 2006.

BetaNews