Zbot « Webroot Threat Blog

Search Hijacker Adds Files to Firefox Profile

November 5, 2010 – 11:49 am

By Andrew Brandt In September, I posted an item about a dropper which we call Trojan-Dropper-Headshot. This malware delivers everything including the kitchen sink when it infects your system. It has an absolute ton of payloads, any of which on their own constitute a serious problem. All together, they’re a nightmare. Among the payloads, we’ve [...]

By mguthrie09 | Posted in Firefox, hijack search results, malware, Threat Research, Trojans | Tags: Antivir Solution Pro, Bubnix, Firefox, Gleishug, good-search.net, google_search.xml, I Hug Legs, LDpinch, search-click.com, search-go.net, search-star.net, search-tab.com, seupd.exe, Sky-banners, Street-Ads, Trojan-Agent-TDSS, Trojan-Clicker-Vesloruki, Trojan-Downloader-Ncahp, Trojan-Dropper-Headshot, Trojan-Gleishug, TRxGM, user.js, virtumonde, wish-search.com, Zbot | Comments (2)

Phishers Want You to Have a Coke and a Drive-by

July 31, 2010 – 12:16 pm

By Andrew Brandt As recently as a few months ago, malware distributors went to what looked like great lengths to craft complex, sophisticated Web pages designed to trick visitors into believing they were visiting a page with an embedded video and — oops! — you need to update your copy of Adobe Flash in order [...]

By mguthrie09 | Posted in Keyloggers, phishing, social engineering, Threat Research | Tags: adobe_flash_update.exe, lunchstroke.ru, social engineering, Trojan-Backdoor-Zbot, Zbot, Zeus | Leave a Comment

Beware Spam With HTML Attachments

July 20, 2010 – 8:25 pm

By Andrew Brandt When it comes to spam messages, conventional wisdom dictates that you shouldn’t follow links or call phone numbers in the message, order products from the spammer, or open files attached to the email. We all should know by now that you should never open attached executable files, and spam filters now treat [...]

By mguthrie09 | Posted in Destructive behavior, Downloaders, Keyloggers, phishing, Phishing Trojans, social engineering, spam, Stupid malware tricks, Threat Research, Trojans | Tags: Copies of the payment is being attached, Copies of the payment.htm, I am able to complete the funds transfer late night, jquery.jxx, problemdollars.ru, raceobject.ru, Trojan-Backdoor-Zbot, Your Funds Will Be Transfered, Zbot | Comments (4)

Keylogger Poses as Document from Spain’s Central Bank

June 21, 2010 – 2:06 pm

By Andrew Brandt An attempt to push down the Trojan-Backdoor-Zbot password thief to Spaniards may signal a new wave of attacks by a crew of attackers who spent the better part of 2009 trying to convince gullible Internet users in different countries to download and execute Zbot installers poorly disguised as transaction records or other [...]

By mguthrie09 | Posted in Keyloggers, Phishing Trojans, social engineering, Stupid malware tricks, Threat Research | Tags: Banco de España, BdE, declaracion.exe, descargar declaración, download statement, Trojan-Backdoor-Zbot, Trojan-Pushu, Zbot, Zeus | Comments (2)

Spammed Trojan Won’t Run Under Windows XP

June 14, 2010 – 2:07 pm

By Andrew Brandt While it is far from the first Trojan ever to simply fail to execute under Windows XP, it definitely caught our eye that a variant of Trojan-Downloader-Tacticlol distributed last week in a spam campaign only fully executed under Windows Vista or newer operating systems. It may have been just a fluke, but [...]

By mguthrie09 | Posted in social engineering, spam, Stupid malware tricks, Threat Research | Tags: Hide File Extensions for Known File Types, HKLM\software\classes\idid, Pushu, Statement_of_Fees_2009-2010.DOC.exe, Statement_of_Fees_2009-2010.zip, Sysinternals Antivirus, Tacticlol, TDSS, Trojan-Agent-TDSS, Trojan-Backdoor-TDSS, Trojan-Downloader-Tacticlol, Trojan-Pushu, TRxGM, Zbot | Comments (3)

Fake Amazon.com Order Emails Bring a Trojany “Friend”

May 17, 2010 – 4:37 pm

By Andrew Brandt An ongoing campaign where malware distributors use email spam to deliver dangerous programs to unwitting victims has begun to change its tune, switching the scam to incorporate different brands. In the latest scam, the message appears to be an order confirmation from Amazon.com for the purchase of an expensive consumer electronics item, [...]

By mguthrie09 | Posted in Destructive behavior, Downloaders, social engineering, spam, Stupid malware tricks, Threat Research | Tags: Amazon.com, itunes, Oficla, Pushdo, Pushu, Sasfis, shipping confirmation, Sony Bravia S8056, Tacticlol, Trojan-Backdoor-Zbot, Trojan-Downloader-Tacticlol, Trojan-Pushu, Zbot | Comments (7)

Massive Spam Campaign Impersonates Social Networks

February 5, 2010 – 4:25 pm

By Andrew Brandt Spammers are the source of a flood of messages that appear to originate from various social networks, including Facebook and Myspace, as well as popular sites like iTunes. The spam messages usually just contain a link, and possibly a few words. Their subject matter falls into three general categories common to most [...]

By mguthrie09 | Posted in social engineering, social networks, spam | Tags: Canadian Pharmacy, facebook, itunes, myspace, Online Pharmacy, russian brides, Said, sent them to all ur friends, some jerk has posted your pictures, spam, that he is an idiot, Trojan-Backdoor-Zbot, u understand what kind of pictures are there, Zbot | Comments (5)

Zbot Fakes ABA Banking Site, Seeks a Stimulus Package

January 27, 2010 – 4:37 pm

By Andrew Brandt As the reign of nuisance by Trojan-Backdoor-Zbot continues, the latest scam invites victims to review a “transaction report” on a page supposedly on the Web site of the American Bankers Association, or ABA. (I wouldn’t want to call it a reign of terror; that might give the Zbot authors an inflated sense [...]

By mguthrie09 | Posted in Phishing Trojans, social engineering, Stupid malware tricks, Threat Research | Tags: "Please generate and carefully review the transaction report for", ABA, banking Trojan, getreport.aba.com, Transaction Report, Trojan-Backdoor-Zbot, Zbot | Comments (3)

Zbot Desperately Seeking AIM Users

January 21, 2010 – 2:54 pm

By Andrew Brandt The Zbot keylogger campaign-of-the-month targets users of AOL Instant Messenger (AIM) with a message that claims to be an update notification for users of the instant messaging client application. Users unfortunate enough to click through the link in the email message to download what they think is something called “aimupdate_7.1.6.475.exe” will be [...]

By mguthrie09 | Posted in Keyloggers, social engineering, Stupid malware tricks, Threat Research | Tags: AIM, aimupdate_7.1.6.475.exe, AOL Instant Messenger (AIM), AS50369, говнюк клуба, phishclub, Progdav, Trojan-Backdoor-Progdav, Trojan-Backdoor-Zbot, vishclub, VISHCLUB-as Kanyovskiy Andriy Yuriyovich, Zbot | Comments (5)

Visa Targeted (Again) by Zbot Phishers

December 11, 2009 – 10:18 am

By Andrew Brandt The gang of malware distributors who are currently flooding the Internet with bogus Facebook “Update Tool,” CDC “H1N1 Flu Vaccination Profile,” and IRS “Tax Statement” emails and Web pages are at it again — this time, targeting Visa with a fake email alert that leads to a page hosting not only a [...]

By mguthrie09 | Posted in Online shopping threats, Phishing Trojans, social engineering, Stupid malware tricks, Threat Research | Tags: ffs, FTP, reports.visa.com, Trojan-Backdoor-Zbot, Visa, Visa Email Alert, we’ll arrange for your card to be cancelled, Zbot | Comments (9)

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com