Over at SkullSecurity they’ve done a great job of a step-by-step disassembly of the Energizer Trojan using IDA. Using a sterile/insight environment, they go through the code to give you an insight into the workings of “obfuscation” (or lack thereof), backdoor management (on port 7777) and more.

Good beginner’s intro with pretty pictures 🙂