Zeus continues to be one of the most common pieces of malware we run into.
Just now we've been watching a spam run with malicious ZIP files attached to the messages.
Inside the ZIP is always the same Zeus variant (md5 92671afe999e12669315e220aa9e62c2) but the name varies. So far, we've seen these filenames:
• 2010 Contract With LC Change 051005.exe
• Flight Attendant-0600003A.exe
• Second chord sounds in world's longest lasting concert - Yahoo! News.exe
• Cancellation Notice.exe
• BURRESS_WEDDING_AUGUST2010.exe
• IN255596.exe
• 2010 expenses.exe
• resume.exe
The malware downloads additional components from two malicious websites in Russia: jocudaidie.ru and zephehooqu.ru.
We block access to the malicious websites and detect the malware as Trojan:W32/Agent.DKJC.

On 18/08/10 At 10:33 AM
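Because the same binary arrives under many filenames, a mail filter has to match on content rather than name. The following is an added example, not part of the original post: it hashes every member of a ZIP attachment and compares it with the MD5 given above. The function names, extension list and size limit are assumptions, and the sample ZIP is constructed in the test harness.

```python
import hashlib
import io
import zipfile

# MD5 of the Zeus variant, as given in the post.
KNOWN_BAD_MD5 = frozenset({"92671afe999e12669315e220aa9e62c2"})
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com")


def scan_zip_attachment(data, known_bad=KNOWN_BAD_MD5, max_size=20 * 1024 * 1024):
    """Return (member_name, md5_or_None, verdict) for each file in a ZIP.

    The hash check runs first, so a renamed copy of a known sample is still
    caught; the extension check is the fallback for unknown executables.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member: content cannot be hashed
                findings.append((info.filename, None, "encrypted"))
                continue
            if info.file_size > max_size:  # declared size above limit: do not unpack
                findings.append((info.filename, None, "too-large"))
                continue
            digest = hashlib.md5(zf.read(info), usedforsecurity=False).hexdigest()
            if digest in known_bad:
                verdict = "known-bad-hash"
            elif info.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                verdict = "executable-in-zip"
            else:
                verdict = "ok"
            findings.append((info.filename, digest, verdict))
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for constructed test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

An MD5 list only catches byte-identical copies, so the `executable-in-zip` verdict is what flags a repacked variant whose hash is not yet known.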
