Trojan.Agent.ZT
Posted: April 3, 2014
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 59 |
| First Seen: | April 3, 2014 |
| OS(es) Affected: | Windows |
Trojan.Agent.ZT is a Trojan dropper whose payload is still being examined, although current estimates consider it likely that Trojan.Agent.ZT is distributing ransomware, such as fake Police Trojans or variants of the Ukash Virus. The last known Trojan.Agent.ZT attack hacked a government website to distribute this Trojan under the disguise of a media player. Although officials have responded to this breach of security and corrected their site, PCs in previous contact with the domain may remain infected. Naturally, any PCs compromised by Trojan.Agent.ZT should have all threatening software removed by the proper anti-malware utilities.
Trojan.Agent.ZT: When the Wilderness of the Web Strikes from an Unexpected Site
Many people consider the state a nigh-unassailable source of monolithic order, but the forces of chaos sometimes impinge upon these institutions directly, which can make any law-abiding citizen uncomfortable. Trojan.Agent.ZT is just one of the newest cases of a Trojan attack being injected into a government website, with the town of Arcadia, Florida, being unwittingly responsible for its distribution. Arcadia-fl.gov has been cleansed of the offending content, but that may be a hollow comfort to anyone who already installed the offered threat.
Trojan.Agent.ZT was disguised as a VIO Player product that was described as mandatory for viewing the above website's content. Browsers visiting this site would be forced to load its pop-up, superimposed above the rest of the site's primary Web page. However, the install button, rather than giving your PC a media player, launched Trojan.Agent.ZT, whose payload is still under analysis. The persons responsible for this state site-hacking campaign also appear to have taken steps to block any extended analysis of their attack; as of the latest reports, the fake installer's link to Trojan.Agent.ZT has been terminated.
Interestingly, malware researchers have seen signs that this same campaign may also be using Web redirects to distribute Trojan.Agent.ZT to pornography enthusiasts. Domains such as lesbomoviesworld.net, trannystudio.com, shemalehotvids.com and lesbianhotclips.com have also been connected to Trojan.Agent.ZT's campaign. A sizable minority of anti-malware products from various anti-malware companies are capable of flagging these domains or Trojan.Agent.ZT's executable (EXE) file.
Responding to a Government Threat on Your Own Computer
While the Arcadian government's swift response is commendable, the fact that even a government website may be exploited to distribute Trojan.Agent.ZT shows how all website managers need to make security a priority. The hacking activities that inject redirects to Trojan.Agent.ZT pop-ups and other assaults may be enabled by outdated Web management software, which gives attackers an easy backdoor into a website's code. Updating your site's basic management systems is, accordingly, something malware researchers would emphasize for any site owner.
On the other side of the Web browser, potential victims can block Trojan.Agent.ZT pop-ups and similar attacks by disabling scripts and using anti-malware tools that include Web-based defenses. Since the symptoms and intentions behind Trojan.Agent.ZT infections are still being examined, it is the responsibility of any victim of Trojan.Agent.ZT attacks to scan their own PCs with comprehensive anti-malware solutions.