
Troj/Agent-ZCT

By Domesticus in Trojans

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 7
First Seen: December 4, 2012
Last Seen: June 2, 2023
OS(es) Affected: Windows

The Troj/Agent-ZCT Trojan is a collection of malicious code that has been associated with a JavaScript Trojan that affects Windows and Mac users attempting to visit sites with content about the Dalai Lama. Although the actual malware infection contained in this scam is Dockster, a Trojan that targets Mac OS X operating systems, Troj/Agent-ZCT itself is a malicious infection that targets computers running the Windows operating system that attempt to visit the compromised website. The fact that a website associated with the Dalai Lama is being used to distribute malware is not surprising to PC security researchers. This is not because the Dalai Lama is associated with malware (far from it!). Rather, Free Tibet activists and organizations have been the focus of a relentless malware campaign in recent years, probably in a state-sponsored attack. Since websites connected to the Dalai Lama would be likely to receive visitors associated with this political movement, ESG security researchers are not surprised that this website has become the target of a malware attack.

Analyzing the Malware Attack Associated with Troj/Agent-ZCT

The Dockster Trojan is a dangerous backdoor Trojan that allows criminals to gain access to and spy on an infected Mac OS X computer. There are several malicious elements involved in this attack, including a JavaScript exploit and a dangerous Trojan dropper designed to install the Dockster Trojan on the victim's computer. Security problems with this website have been detected for a while, with the first of them detected on October 5th of 2012. Two malicious Java applets were embedded into the gyalwarinpoche(dot)com website. These are designed to allow criminals to inject the Dockster Trojan into the victim's computer. This Trojan contains keylogger components that allow criminals to spy on the victim's activity. Computer users with a Windows operating system will be infected with Troj/Agent-ZCT, which appears to have a similar attack pattern. This is the main danger of Java-based malware: the potential for cross-platform abuse, which allows criminals to target computer users using non-Windows operating systems while also being able to deliver Windows-based Trojans to eligible victims.

It is important to remember that even Mac OS X computers are vulnerable to malware attacks. The best way to avoid a Troj/Agent-ZCT infection is to disable Java, only enabling it if necessary. It is also important to use a real-time malware scanner to monitor your online activity at all times to prevent these kinds of drive-by downloads.
