Wontok SafeCentral Malware Bulletin

12 February 2016

Malware Family: Variant.Zegost.6

Variant Zegost 6 is a backdoor bot. It has the ability to start downloads from the Internet without users consent or knowledge. It uses root-kit techniques in order to hide its presence on the system and it is known to report information to a remote command and control servers.

Wontok Lab Results

We observed that Wontok SafeCentral Security Suite’s On-access and On-demand engines properly detect and remediate this malware, which prevents the unwanted bot installing onto a local system.

Observations

Variant.Zegost.6 was observed periodically collecting system information like operating system version, IP address, and open ports, and report this information to a remote command and control server. It is often installed with the help of other malware files located on the computer. Therefore Wontok recommends removal of this malware.

About Wontok Lab

Wontok Lab is Wontok’s product test facility that consists of a team of security researchers in a controlled analysis and testing environment. Wontok Lab conducts rigorous tests specifically designed and tailored for each of Wontok’s security products.

About Wontok SafeCentral Security Solutions

Founded in 2005 and headquartered in Sydney, Wontok has operations in Australia, Asia and the United States, Wontok brings proven remote access and endpoint security solutions to market. Wontok designed the SafeCentral solutions to be effective against advanced malware threats on the desktop and mobile devices. SafeCentral Security Solutions includes SafeDesktop, Mobile Security, and Security Suite, all of which can be delivered via partner owned platforms or via the Wontok ONE Cloud-based VAS service delivery platform.