[FSC] Once Again, Zeus



newsbot
19-08-2010, 01:22 AM
Zeus continues to be one of the most common pieces of malware we run into.

Just now we've been watching a spam run with malicious ZIP files attached to the messages.

http://www.f-secure.com/weblog/archives/resumezbot.png

Inside the ZIP is always the same Zeus variant (md5 92671afe999e12669315e220aa9e62c2) but the name varies. So far, we've seen these filenames:

• 2010 Contract With LC Change 051005.exe
• Flight Attendant-0600003A.exe
• Second chord sounds in world's longest lasting concert - Yahoo! News.exe
• Cancellation Notice.exe
• BURRESS_WEDDING_AUGUST2010.exe
• IN255596.exe
• 2010 expenses.exe
• resume.exe

The malware downloads additional components from two malicious websites in Russia: jocudaidie.ru and zephehooqu.ru.

We block access to the malicious websites and detect the malware as Trojan:W32/Agent.DKJC.

On 18/08/10 At 10:33 AM



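Because the attachment name changes from message to message while the payload hash stays the same, a filter has to match on the content of the ZIP members rather than on their filenames. The following is an added example, not code from F-Secure or the original post: a mail-gateway style check in Python, where the extension list, size cap, function names and sample archives are assumptions and the sample payload is a harmless constructed stand-in.

```python
import hashlib
import io
import zipfile

# MD5 of the Zeus variant as given in the post; everything else here is assumed.
KNOWN_MD5 = frozenset({"92671afe999e12669315e220aa9e62c2"})
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")  # assumed policy list
MAX_MEMBER_SIZE = 50 * 1024 * 1024                 # assumed cap on bytes hashed


def scan_zip_attachment(data, known_md5=KNOWN_MD5):
    """Return [(member_name, md5_or_None, verdict)] for one ZIP attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", None, "unreadable")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member: contents cannot be hashed
                findings.append((info.filename, None, "encrypted"))
                continue
            if info.file_size > MAX_MEMBER_SIZE:
                findings.append((info.filename, None, "too-large"))
                continue
            digest = hashlib.md5(archive.read(info)).hexdigest()
            if digest in known_md5:
                verdict = "known-bad"    # content match, whatever the name says
            elif info.filename.lower().endswith(EXECUTABLE_EXT):
                verdict = "executable"   # unknown hash, still worth quarantining
            else:
                verdict = "no-match"
            findings.append((info.filename, digest, verdict))
    return findings


def build_sample_zip(members):
    """Constructed input: pack {name: bytes} into an in-memory ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, payload in members.items():
            archive.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    stand_in = b"harmless constructed payload"   # stands in for the real sample
    known = {hashlib.md5(stand_in).hexdigest()}
    for name in ("resume.exe", "Cancellation Notice.exe"):
        print(scan_zip_attachment(build_sample_zip({name: stand_in}), known))
```

Executables with an unknown hash are reported separately so that a repacked variant still trips the attachment policy even though the hash list misses it.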