So the idea is this alleged Trojan is something like Stuxnet?
I’m skeptical, and I am in the power industry. The company I work for has nothing critical running on Win98. I’d be surprised if we ever did have any critical controls running on Win98.
Based on this article and some of the security forums I’ve read, that’s exactly what this is. It’s a trojan that was installed years ago and has just propagated.
That’s the normal course of action with security breaches of this type: they survey and map the environments first, often with little touching of the actual network. SNMP- and WMI-based network monitoring often helps them since they’re often not properly secured. Once the network is mapped, they plan the attack vectors and infect them. Then, at the flip of a switch, either manual or timed, the infection starts and does its damage, often long after the original infiltrators have closed up their tunnels or pipes into the network.