Posted: March 13, 2014
Threat Metric
Threat Level: 8/10
Infected PCs: 1,445

Agent.BTZ Description

Agent.BTZ is a worm-based component of the Uroburos or Snake campaign, an ongoing series of information-gathering attacks against various countries that may be funded by Russian intelligence. Even though Agent.BTZ was seen as long ago as 2008, a veritable lifetime by the standards of threats, malware researchers and other industry experts have also confirmed the active use of recent, updated variants of this threatening software as of 2014. Agent.BTZ includes backdoor functions that enable it to collect information and silently transfer it to a third party. It may also distribute itself through self-copying functions, which complicates removal by requiring that you isolate your PC from any removable hard drives or wireless networks.

From Yankees to Ukrainians: Agent.BTZ's Serpentine Campaign

Agent.BTZ is a worm that managed to evade complete disinfection efforts from the Pentagon for over a year, during a 2008 campaign wherein Agent.BTZ infected a free USB device and, from there, managed to infiltrate various military networks. This campaign has historically been considered the worst compromise of electronic security in the US military's history. However, new versions of Agent.BTZ worms appear to have surfaced, along with evidence that ties Agent.BTZ to a global campaign of espionage.

This spy-thriller plot is suggested by various details indicating that Agent.BTZ's attacks are just one small part of the Snake or Uroburos project, which is most likely Russian in origin, with its developers working a regular nine-to-five schedule. Ukraine and Lithuania account for the vast majority of confirmed Snake campaign infections, but other nations, including those in the first world, have also been targeted, albeit in smaller numbers. The basic attacks that malware researchers warn to expect from Agent.BTZ and most of its variants include:

  • Agent.BTZ may copy itself through unprotected networks to compromise additional PCs automatically.
  • Agent.BTZ will attempt to distribute copies of itself onto any peripheral hard drives, such as USB sticks, enabling Agent.BTZ to infect any PC that shares the device.
  • Agent.BTZ may create a backdoor vulnerability through which Agent.BTZ may transfer classified information or allow other persons to control your computer.
  • Agent.BTZ may include threat-downloading functions that allow Agent.BTZ to retrieve and install other threats, which may coordinate with its attacks to compromise the machine's security.
  • Agent.BTZ may lock several types of security software, which may require disabling all copies of Agent.BTZ prior to deleting it.

Cutting Off the Last Few Heads of an Ancient Cyber Serpent

By the standards of threats, Agent.BTZ, also known as AWF or Agent.AWF, has already lived a long life. However, with new variants of Agent.BTZ seen in recent months alongside rootkit technology included in the overall Uroburos campaign, Agent.BTZ does not seem to be going extinct anytime soon. Since nations throughout the world have suffered from these attacks, it falls to individual PC users to protect their networks and peripheral devices from Agent.BTZ contamination.

Deleting Agent.BTZ will usually call for detecting and removing more than one copy of this threat, potentially in multiple locations, along with any associated threatening software. Considering that the level of sophistication in Agent.BTZ's old variant was sufficient to evade the US military for fourteen months, it should be obvious why malware researchers suggest using only the strongest and most updated anti-malware tools available for disinfecting Agent.BTZ-compromised machines.
