[virusinfo] Troj/Bdoor-ZAT

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Tue, 05 Apr 2005 10:10:04 -0700

From; Sophos Alert System:

Name: Troj/Bdoor-ZAT
Type: Trojan
Date: 5 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the May 2005 (3.93) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this Trojan from the wild.


Information about Troj/Bdoor-ZAT can be found at:
http://www.sophos.com/virusinfo/analyses/trojbdoorzat.html

Troj/Bdoor-ZAT is a backdoor Trojan for the Windows platform. 
The Trojan opens a backdoor on port 63714 and listens for connections from 
remote intruders. The Trojan then can offer a remote shell to the intruder. The 
Trojan remains active by hooking into the explorer process. 
Troj/Bdoor-ZAT installs itself in the Windows system folder as explorer.exe and 
userinit.dll. 

This IDE file also includes detection for:

Troj/Fwdisab-A
http://www.sophos.com/virusinfo/analyses/trojfwdisaba.html
Troj/Mosuck-X
http://www.sophos.com/virusinfo/analyses/trojmosuckx.html
W32/Rbot-ZW
http://www.sophos.com/virusinfo/analyses/w32rbotzw.html
Troj/Small-UF
http://www.sophos.com/virusinfo/analyses/trojsmalluf.html
Troj/Small-AMT
http://www.sophos.com/virusinfo/analyses/trojsmallamt.html
Troj/Singu-I
http://www.sophos.com/virusinfo/analyses/trojsingui.html
Troj/StartPa-FN
http://www.sophos.com/virusinfo/analyses/trojstartpafn.html
Troj/Bdoor-ZAS
http://www.sophos.com/virusinfo/analyses/trojbdoorzas.html
Troj/QQRob-A
http://www.sophos.com/virusinfo/analyses/trojqqroba.html
Troj/VB-GJ
http://www.sophos.com/virusinfo/analyses/trojvbgj.html

Download the IDE file from:
http://www.sophos.com/downloads/ide/bdoorzat.ide

Download all the IDE files available for the current version of 
Sophos Anti-Virus in a single compressed file. The file is
available in two formats:

Zip file:
http://www.sophos.com/downloads/ide/ides.zip

Self-extracting file:
http://www.sophos.com/downloads/ide/ides.exe

Read about how to use IDE files at
http://www.sophos.com/downloads/ide/using.html

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Troj/Bdoor-ZAT

1. Home
2. virusinfo
3. Archive
4. 04-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---