Agent.AWF


AWF (or Agent.AWF or Agent.btz) is a malicious Trojan downloader affecting the Microsoft Windows operating system.[1]

Methods of infection

This Trojan is considered obsolete, and there are no known variants in the wild.[1] However, an official from the Department of Homeland Security is quoted in a 2011 article as saying that the worm keeps evolving, is quite prolific and still infects computers.[2]

Affected operating systems

The following operating systems are known to be affected.

Operation

Agent.AWF behaves like a virus in that it replaces files on a user's computer with copies of itself and moves each original, legitimate file to a bak sub-folder. It is known to attempt to terminate security software, and it downloads a backdoor onto the computer, allowing the attacker to compromise the computer further. It is also known to modify the Windows registry.

Identification

During installation, the following files are created, and may be present on a compromised system.[3]

  • abc123.pid
  • svcipa.exe
  • nod32kui.exe
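
A triage check built from the two artifacts described above, the file names in this list and the bak sub-folder left by file replacement, as an added example that is not part of the original article. It assumes the sub-folder is a directory literally named "bak" beside the replaced file; `scan`, `demo` and the sample tree are constructed for illustration.

```python
import os
import tempfile

# File names from the Identification list, compared case-insensitively.
IOC_NAMES = {"abc123.pid", "svcipa.exe", "nod32kui.exe"}
# Assumption: the "bak sub-folder" is a directory literally named "bak"
# sitting beside the replaced file; the page does not give its full path.
BAK_DIR = "bak"


def scan(root):
    """Return (ioc_hits, displaced) under root, both sorted.
    ioc_hits are paths named in IOC_NAMES; displaced are (current, backup)
    pairs where a file has a same-named copy in a sibling bak directory."""
    ioc_hits, displaced = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() in IOC_NAMES:
                ioc_hits.append(os.path.join(dirpath, name))
        bak = next((d for d in dirnames if d.lower() == BAK_DIR), None)
        if bak is None:
            continue
        bak_path = os.path.join(dirpath, bak)
        backups = {n.lower(): os.path.join(bak_path, n)
                   for n in os.listdir(bak_path)
                   if os.path.isfile(os.path.join(bak_path, n))}
        for name in filenames:
            if name.lower() in backups:
                displaced.append((os.path.join(dirpath, name),
                                  backups[name.lower()]))
    return sorted(ioc_hits), sorted(displaced)


def demo():
    """Scan a constructed directory tree; paths are returned relative to it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app", "bak"))
        for rel in ("app/tool.exe", "app/bak/tool.exe",
                    "app/readme.txt", "SVCIPA.EXE"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"constructed sample")
        hits, pairs = scan(root)
        short = lambda p: os.path.relpath(p, root)
        return [short(p) for p in hits], [(short(a), short(b)) for a, b in pairs]


if __name__ == "__main__":
    print(demo())
```

A same-named file in a bak directory is also produced by ordinary backup tools, so a displaced pair is a lead for comparing the two files, not a verdict.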

References

  • The Economist, December 6, 2008, "The worm turns"