From; Sophos Alert System: Name: Troj/Bdoor-ZAT Type: Trojan Date: 5 April 2005 A virus identity (IDE) file which provides protection is available now from the Sophos website, and will be incorporated into the May 2005 (3.93) release of Sophos Anti-Virus. Customers using EM Library, PureMessage or any of our Sophos small business solutions will be automatically protected at their next scheduled update. At the time of writing, Sophos has received a small number of reports of this Trojan from the wild. Information about Troj/Bdoor-ZAT can be found at: http://www.sophos.com/virusinfo/analyses/trojbdoorzat.html Troj/Bdoor-ZAT is a backdoor Trojan for the Windows platform. The Trojan opens a backdoor on port 63714 and listens for connections from remote intruders. The Trojan then can offer a remote shell to the intruder. The Trojan remains active by hooking into the explorer process. Troj/Bdoor-ZAT installs itself in the Windows system folder as explorer.exe and userinit.dll. This IDE file also includes detection for: Troj/Fwdisab-A http://www.sophos.com/virusinfo/analyses/trojfwdisaba.html Troj/Mosuck-X http://www.sophos.com/virusinfo/analyses/trojmosuckx.html W32/Rbot-ZW http://www.sophos.com/virusinfo/analyses/w32rbotzw.html Troj/Small-UF http://www.sophos.com/virusinfo/analyses/trojsmalluf.html Troj/Small-AMT http://www.sophos.com/virusinfo/analyses/trojsmallamt.html Troj/Singu-I http://www.sophos.com/virusinfo/analyses/trojsingui.html Troj/StartPa-FN http://www.sophos.com/virusinfo/analyses/trojstartpafn.html Troj/Bdoor-ZAS http://www.sophos.com/virusinfo/analyses/trojbdoorzas.html Troj/QQRob-A http://www.sophos.com/virusinfo/analyses/trojqqroba.html Troj/VB-GJ http://www.sophos.com/virusinfo/analyses/trojvbgj.html Download the IDE file from: http://www.sophos.com/downloads/ide/bdoorzat.ide Download all the IDE files available for the current version of Sophos Anti-Virus in a single compressed file. The file is available in two formats: Zip file: http://www.sophos.com/downloads/ide/ides.zip Self-extracting file: http://www.sophos.com/downloads/ide/ides.exe Read about how to use IDE files at http://www.sophos.com/downloads/ide/using.html *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member