Agent.AWF

AWF (or Agent. AWF or Agent.btz) is a malicious Trojan Downloader affecting the Microsoft Windows Operating System.^[1]

Methods of Infection

This Trojan is considered obsolete, and there are no known variants in the wild.^[1] However, an official from the Department of Homeland Security is quoted in a 2011 article as saying that the worm keeps evolving, is quite prolific and still infects computers. ^[2]

Affected Operating Systems

The following operating systems are known to be affected.

• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows Server 2003

Operation

Agent. AWF displays virus activity as it that replaces files on a user's computer with a copy of itself, and moves the original, legitimate file to a bak sub-folder. It is known to attempt to terminate security software, and the Trojan downloads a Backdoor onto the computer, allowing the attacker to further compromise the computer. It is also known to modify the Windows registry.

Identification

During installation, the following files are created, and may be present on a compromised system.^[3][4]

• abc123.pid
• svcipa.exe
• nod32kui.exe

See also

• 2008 cyberattack on United States

References

• The Economist, December 6, 2008, "The worm turns"

1. ^ http://www.avira.com/en/threats/section/fulldetails/id_vir/2820/tr_dldr.agent.awf.14.html
2. http://www.reuters.com/article/2011/06/16/us-usa-cybersecurity-worm-idUSTRE75F5TB20110616
3. http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.Agent.awf&threatid=70517
4. http://www.securitystronghold.com/gates/agent-awf-trojan.html