Wontok SafeCentral Malware Bulletin
12 February 2016
Malware Family: Variant.Zegost.6
Variant.Zegost.6 is a backdoor bot. It can start downloads from the Internet without the user's consent or knowledge. It uses rootkit techniques to hide its presence on the system, and it is known to report information to a remote command and control server.
Wontok Lab Results
We observed that Wontok SafeCentral Security Suite’s On-access and On-demand engines properly detect and remediate this malware, which prevents the unwanted bot from installing onto a local system.
Observations
Variant.Zegost.6 was observed periodically collecting system information such as operating system version, IP address, and open ports, and reporting this information to a remote command and control server. It is often installed with the help of other malware files located on the computer. Therefore, Wontok recommends removal of this malware.
About Wontok Lab
Wontok Lab is Wontok’s product test facility that consists of a team of security researchers in a controlled analysis and testing environment. Wontok Lab conducts rigorous tests specifically designed and tailored for each of Wontok’s security products.
About Wontok SafeCentral Security Solutions
Founded in 2005 and headquartered in Sydney, Wontok has operations in Australia, Asia and the United States. Wontok brings proven remote access and endpoint security solutions to market. Wontok designed the SafeCentral solutions to be effective against advanced malware threats on desktop and mobile devices. SafeCentral Security Solutions includes SafeDesktop, Mobile Security, and Security Suite, all of which can be delivered via partner-owned platforms or via the Wontok ONE Cloud-based VAS service delivery platform.