Backdoor.Win32.Agent.uu aka Spamthru

It’s interesting to see the lengths malware authors have gone to secure their income. Recently, Joe Stewart from SecureWorks published a very nice description of a Trojan which in an attempt to keep other “competitors” out, installs an antivirus which it uses to keep the system clean. Unsurprisingly, the antivirus which the Trojan installs is KAV – specifically, a version of KAV for Wingate.

Up until now, most of the antivirus tools installed by trojans have been either rogue SpySheriff-like products or free disinfection tools like Microsoft’s MSRT. Which is why it’s really odd to see a real antivirus application being installed by a Trojan.

Detection for this thing is now available as Backdoor.Win32.Agent.uu.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *