SecurityHome.eu Rootkit:W32/Agent.TZ

Home / malware PDF

Rootkit:W32/Agent.TZ

First posted on 15 September 2008.
Source: SecurityHome
Aliases :
There are no other names known for Rootkit:W32/Agent.TZ.
Explanation :
A program or set of programs which hides itself by subverting or evading the computer's security mechanisms, then allows remote users to secretly control the computer's operating system.

right]Agent.TZ creates the following device object and symbolic link so that Worm:W32/VB.KS (usermode) can open a handle to the driver.

Devicehideproc

DosDeviceshideproc

It processes the control code sent by Worm:W32/VB.KS so that its process will be hidden in the process list.

It uses a Direct Kernel Object Manipulatin (DKOM) technique for hiding processes.
Last update 15 September 2008

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Exploit.JS.Agent.F
Trojan-Downloader:HTML/Agent.DY
Trojan.Downloader.JS.Agent.PB
Trojan-Dropper:W32/Agent.CMW
Trojan-Downloader:W32/Agent.TPF
Trojan-Dropper:W32/Agent.DSM
Trojan-Downloader:W32/Agent.BOY
Trojan-Dropper:W32/Agent.PR
Email-Worm:W32/Agent.BC
Trojan.Clicker.Agent.NP