Agent.BTZ

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Frap (talk | contribs) at 13:02, 19 August 2016 (Attribution: italic). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Agent.BTZ, also named Autorun,[1][2] is a computer worm that was used as spyware in the 2008 cyberattack on the United States. It is a variant of the SillyFDC worm.[3]

Not to be confused with Agent.AWF, which is a Trojan infecting Windows and Android systems.

Technical description

The worm itself is a DLL file, written in assembly language (32-bit x86).[4] It spreads by creating an AUTORUN.INF file in the root of each drive, together with the DLL file.[5]
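For defenders, the spreading mechanism above suggests a simple check on removable media: parse any AUTORUN.INF found in a drive root and flag entries that execute something and reference a DLL. The following is an added example, not part of the original article or of any vendor's tooling; the sample file contents and the function names are constructed for illustration and are not taken from a real Agent.BTZ infection.

```python
import re

# Keys in the [autorun] section that cause a command to run (documented AutoRun keys).
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.I)
# Heuristic (assumption of this example): the command mentions rundll32 or a .dll file.
DLL_HINT = re.compile(r"rundll32|\.dll\b", re.I)

def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section; keys are lowercased."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def suspicious_entries(text):
    """Entries that execute a command and reference a DLL."""
    hits = []
    for key, value in parse_autorun(text):
        runs = key in EXEC_KEYS or SHELL_CMD.match(key)
        if runs and DLL_HINT.search(value):
            hits.append((key, value))
    return hits

# Constructed samples (hypothetical file names, not from a real infection).
SAMPLE_SUSPECT = """\
[AutoRun]
; constructed example
open=rundll32.exe .\\example.dll,EntryPoint
shell\\open\\command=rundll32.exe .\\example.dll,EntryPoint
icon=folder.ico
"""
SAMPLE_BENIGN = """\
[autorun]
open=setup.exe
icon=setup.ico
label=Installer
"""

if __name__ == "__main__":
    for name, sample in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, suspicious_entries(sample))
```

A hit is only a triage signal: the flagged file and the DLL it references still need to be examined before drawing conclusions.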

History

Because the malware on an infected computer is able to infect any USB flash drive plugged into it, the US military banned the use of USB and removable media devices in 2008.[6]

Attribution

An article[7] in the Los Angeles Times reported that US defense officials described the malicious software as "apparently designed specifically to target military networks." It's "thought to be from inside Russia", although it was not clear "whether the destructive program was created by an individual hacker or whether the Russian government may have had some involvement."

According to an article[8] in The Economist, "it is not clear that agent.btz was designed specifically to target military networks, or indeed that it comes from either Russia or China."

In 2010, American journalist Noah Shachtman wrote an article[9] investigating the theory that the worm was written by a single hacker.

However, analyses[10] by Kaspersky Lab found relations to other spyware:

References