Wednesday, November 22. 2006I'm a Zlob distributor
This is a screenshot of my personal forum (before I deleted this post):
 The link and the picture redirects to a site, which is the number 1421 affiliate of the Zlob business. The site contains links to infected videogalleries, and all the links contain this number, so the Zlob-people can pay for the traffic. Don't you know Zlob? Good for you. Trojan.DL.Zlob is a downloader trojan that usually disguises itself as a codec or xxx password manager. Creators nowadays register at least 10 new hosting domains per month, with names like *codec, *encoder or similar. The programs are different on the different domains, and are changed twice a day, so it's very hard for a virus scanner to remain up to date. The installer downloads other components from the network, that usually show „Your PC is infected” popups (this component is also known as Trojan.Renos). Of course the popups always know what „antivirus” you should use to remove it. Recent proposals are: SpyFalcon, SpyAxe, SpywareQuake, VirusBurst or VirusBursters. The last ones are especially sticky for my employer, because the name of our company and our flagship product is VirusBuster. The difference is that we are in this list, while VirusBurst is in this list. PS: Looks like VB100% results are classified. You have to create a free password or you can pick one from here. PS2: An Overview of the FreeVideo Player Trojan by Internet Storm Center Update: The animal described at the PS2 link is not Trojan.Zlob, but Trojan.DNSChanger. Same idea but different payload. Sorry. Friday, November 17. 2006 |
CalendarQuicksearchKategóriákSyndicate This BlogContactPowered by
|
