Malware descriptions

Backdoor.Win32.Agent.uu aka Spamthru

It’s interesting to see the lengths malware authors have gone to secure their income. Recently, Joe Stewart from SecureWorks published a very nice description of a Trojan which in an attempt to keep other “competitors” out, installs an antivirus which it uses to keep the system clean. Unsurprisingly, the antivirus which the Trojan installs is KAV – specifically, a version of KAV for Wingate.

Up until now, most of the antivirus tools installed by trojans have been either rogue SpySheriff-like products or free disinfection tools like Microsoft’s MSRT. Which is why it’s really odd to see a real antivirus application being installed by a Trojan.

Detection for this thing is now available as Backdoor.Win32.Agent.uu.

Backdoor.Win32.Agent.uu aka Spamthru

Your email address will not be published. Required fields are marked *



APT trends report Q1 2024

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox