Malware descriptions

Backdoor.Win32.Agent.uu aka Spamthru

It’s interesting to see the lengths malware authors have gone to secure their income. Recently, Joe Stewart from SecureWorks published a very nice description of a Trojan which in an attempt to keep other “competitors” out, installs an antivirus which it uses to keep the system clean. Unsurprisingly, the antivirus which the Trojan installs is KAV – specifically, a version of KAV for Wingate.

Up until now, most of the antivirus tools installed by trojans have been either rogue SpySheriff-like products or free disinfection tools like Microsoft’s MSRT. Which is why it’s really odd to see a real antivirus application being installed by a Trojan.

Detection for this thing is now available as Backdoor.Win32.Agent.uu.

Backdoor.Win32.Agent.uu aka Spamthru

Your email address will not be published. Required fields are marked *



APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

Subscribe to our weekly e-mails

The hottest research right in your inbox