Trojan-Backdoor-Zbot « Webroot Threat Blog

Epic Malware Dropper Makes No Attempt to Hide

September 21, 2010 – 3:09 pm

By Andrew Brandt In the world of first-person shooter games, getting the most headshots – hits on the opponent which instantly take the opponent’s avatar out of the game — is a prized goal. The headshot is the quickest way to dispatch a foe in virtually every shooter, which is why the file name of [...]

By mguthrie09 | Posted in Ad-clickers, adware, Backdoors, Blackhat SEO, Destructive behavior, Downloaders, Keyloggers, social engineering, spam, Stupid malware tricks, Threat Research, Trojans | Tags: acronis toolbar helper, Adware-DiskClean, amnesiac, autouploaders.net, avto.exe, bestviewbars.com, daporch.com, Desktop Cleanup Wizard, dskclnwiz.dll, fFollower.exe, glures.com, igpayinfos.com, klikiRandomizer, miragge.exe, promotds.com, q1.exe, solaruploaderz.com, Trojan-Agent-Dump, Trojan-Agent-TDSS, Trojan-Backdoor-Zbot, Trojan-Clicker-Vesloruki, Trojan-Downloader-Ncahp, Trojan-Dropper-Headshot, Worm-Koobface, yogetheadshot.php, yogetheadshot.php.exe | Leave a Comment

Phishers Want You to Have a Coke and a Drive-by

July 31, 2010 – 12:16 pm

By Andrew Brandt As recently as a few months ago, malware distributors went to what looked like great lengths to craft complex, sophisticated Web pages designed to trick visitors into believing they were visiting a page with an embedded video and — oops! — you need to update your copy of Adobe Flash in order [...]

By mguthrie09 | Posted in Keyloggers, phishing, social engineering, Threat Research | Tags: adobe_flash_update.exe, lunchstroke.ru, social engineering, Trojan-Backdoor-Zbot, Zbot, Zeus | Leave a Comment

Beware Spam With HTML Attachments

July 20, 2010 – 8:25 pm

By Andrew Brandt When it comes to spam messages, conventional wisdom dictates that you shouldn’t follow links or call phone numbers in the message, order products from the spammer, or open files attached to the email. We all should know by now that you should never open attached executable files, and spam filters now treat [...]

By mguthrie09 | Posted in Destructive behavior, Downloaders, Keyloggers, phishing, Phishing Trojans, social engineering, spam, Stupid malware tricks, Threat Research, Trojans | Tags: Copies of the payment is being attached, Copies of the payment.htm, I am able to complete the funds transfer late night, jquery.jxx, problemdollars.ru, raceobject.ru, Trojan-Backdoor-Zbot, Your Funds Will Be Transfered, Zbot | Comments (4)

Keylogger Poses as Document from Spain’s Central Bank

June 21, 2010 – 2:06 pm

By Andrew Brandt An attempt to push down the Trojan-Backdoor-Zbot password thief to Spaniards may signal a new wave of attacks by a crew of attackers who spent the better part of 2009 trying to convince gullible Internet users in different countries to download and execute Zbot installers poorly disguised as transaction records or other [...]

By mguthrie09 | Posted in Keyloggers, Phishing Trojans, social engineering, Stupid malware tricks, Threat Research | Tags: Banco de España, BdE, declaracion.exe, descargar declaración, download statement, Trojan-Backdoor-Zbot, Trojan-Pushu, Zbot, Zeus | Comments (2)

Fake Amazon.com Order Emails Bring a Trojany “Friend”

May 17, 2010 – 4:37 pm

By Andrew Brandt An ongoing campaign where malware distributors use email spam to deliver dangerous programs to unwitting victims has begun to change its tune, switching the scam to incorporate different brands. In the latest scam, the message appears to be an order confirmation from Amazon.com for the purchase of an expensive consumer electronics item, [...]

By mguthrie09 | Posted in Destructive behavior, Downloaders, social engineering, spam, Stupid malware tricks, Threat Research | Tags: Amazon.com, itunes, Oficla, Pushdo, Pushu, Sasfis, shipping confirmation, Sony Bravia S8056, Tacticlol, Trojan-Backdoor-Zbot, Trojan-Downloader-Tacticlol, Trojan-Pushu, Zbot | Comments (7)

Modified Websites Pushing Trojans On the Rise

April 21, 2010 – 10:46 am

By Andrew Brandt For the past couple of weeks, owners of Web sites have been hit with a wave of attacks that surreptitiously infect unsuspecting visitors with a wide variety of malware types. The first wave inflicted rogue antivirus on unlucky victims, but late last week victims who visited infectious sites were redirected into a [...]

By mguthrie09 | Posted in adware, Blackhat SEO, Destructive behavior, Rogue Security Products, Stupid malware tricks, Threat Research | Tags: Adobe Acrobat, corpadsinc.com, Eleonor exploit kit, Hilary Kneber, hnarmettis.com, iframe, iprototo.com, itotolo.com, Kneber, mainnetsoll.com, mnuyetsgrr.com, networkads.net, nuvolokijj.com, obfuscated Javascript, Tacticlol, totoship.com, Trojan-Backdoor-failst0rm, Trojan-Backdoor-Zbot, Trojan-Clicker-Dawg, Win32.Decay, Wordpress, yahoo-statistic.com | Comments (1)

Massive Spam Campaign Impersonates Social Networks

February 5, 2010 – 4:25 pm

By Andrew Brandt Spammers are the source of a flood of messages that appear to originate from various social networks, including Facebook and Myspace, as well as popular sites like iTunes. The spam messages usually just contain a link, and possibly a few words. Their subject matter falls into three general categories common to most [...]

By mguthrie09 | Posted in social engineering, social networks, spam | Tags: Canadian Pharmacy, facebook, itunes, myspace, Online Pharmacy, russian brides, Said, sent them to all ur friends, some jerk has posted your pictures, spam, that he is an idiot, Trojan-Backdoor-Zbot, u understand what kind of pictures are there, Zbot | Comments (5)

Zbot Fakes ABA Banking Site, Seeks a Stimulus Package

January 27, 2010 – 4:37 pm

By Andrew Brandt As the reign of nuisance by Trojan-Backdoor-Zbot continues, the latest scam invites victims to review a “transaction report” on a page supposedly on the Web site of the American Bankers Association, or ABA. (I wouldn’t want to call it a reign of terror; that might give the Zbot authors an inflated sense [...]

By mguthrie09 | Posted in Phishing Trojans, social engineering, Stupid malware tricks, Threat Research | Tags: "Please generate and carefully review the transaction report for", ABA, banking Trojan, getreport.aba.com, Transaction Report, Trojan-Backdoor-Zbot, Zbot | Comments (3)

Zbot Desperately Seeking AIM Users

January 21, 2010 – 2:54 pm

By Andrew Brandt The Zbot keylogger campaign-of-the-month targets users of AOL Instant Messenger (AIM) with a message that claims to be an update notification for users of the instant messaging client application. Users unfortunate enough to click through the link in the email message to download what they think is something called “aimupdate_7.1.6.475.exe” will be [...]

By mguthrie09 | Posted in Keyloggers, social engineering, Stupid malware tricks, Threat Research | Tags: AIM, aimupdate_7.1.6.475.exe, AOL Instant Messenger (AIM), AS50369, говнюк клуба, phishclub, Progdav, Trojan-Backdoor-Progdav, Trojan-Backdoor-Zbot, vishclub, VISHCLUB-as Kanyovskiy Andriy Yuriyovich, Zbot | Comments (5)

A Look Back at the Worst Infections of 2009

December 31, 2009 – 11:29 am

By Andrew Brandt It’s not clear whether the past year will go down in history as a particularly bad year for malware, but one thing is certain: It was bad enough, at times, that fighting infections and cleaning PCs took priority over virtually all other work. Neither home users nor businesses were immune from wave [...]

By mguthrie09 | Posted in Threat Research | Tags: Conficker, trojan, Trojan-Backdoor-Stinkbreath, Trojan-Backdoor-TDSS, Trojan-Backdoor-Zbot, Worm-Koobface | Comments (5)

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com