New version of the Zbot-I trojan

A message with the subject line “Fwd: Look and tell…”, intercepted by the zero-hour anti-virus at MX Lab, caught our attention. When we submitted the details to VirusTotal, only 14 of the 40 AV engines detected this sample. The email has a ZIP file attached named Info04.zip; when extracted, we got Info04.Doc_[lots of underscores]_…_.exe.

The body of the email:

Hello, webmaster.

I received it with my morning mail but it seems to me everything is yours.
Look and tell to delete it or don’t.


Best regards,
webmaster mailto:webmaster@sylvia-gerl.net

This version of the malware itself doesn’t do much harm, judging by its activity. It creates a new file %Temp%\svchost [file and pathname of the sample #1], creates a new service svchost.exe, and adds one Windows registry entry.

VirusTotal permalink and MD5: 16a2124b53d9d4746c77b9682a795e36.
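The attachment name above relies on a padded double extension (a `.Doc` followed by a long run of underscores that pushes the real `.exe` out of view), and the post gives the sample's MD5. As an added example that is not part of the original post, the following Python scans the members of an in-memory ZIP for that naming trick and for the quoted hash; the ZIP it builds is a constructed stand-in for Info04.zip with dummy content, not the real sample, and the extension sets are illustrative assumptions.

```python
import hashlib
import io
import re
import zipfile
from typing import Optional

# Extensions Windows executes on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
# Harmless-looking extensions an attacker places in front of the real one.
DECOY_EXTS = {"doc", "docx", "pdf", "txt", "jpg", "xls", "rtf"}
# MD5 of the sample quoted in the post.
KNOWN_BAD_MD5 = {"16a2124b53d9d4746c77b9682a795e36"}
# ".doc" + a run of filler + ".exe": the filler pushes the true extension out of view.
DOUBLE_EXT_RE = re.compile(r"\.(?P<decoy>[a-z0-9]{2,4})(?P<pad>[_ .\-]*)\.(?P<real>[a-z]{2,4})$")

def classify_name(member_name: str) -> Optional[str]:
    """Return why a ZIP member name looks disguised, or None if it looks ordinary."""
    base = member_name.rsplit("/", 1)[-1].lower()
    m = DOUBLE_EXT_RE.search(base)
    if not m or m["real"] not in EXECUTABLE_EXTS or m["decoy"] not in DECOY_EXTS:
        return None
    return "padded-double-extension" if len(m["pad"]) >= 8 else "double-extension"

def scan_zip(data: bytes) -> list:
    """Flag members with disguised names or a known-bad MD5; returns one dict per finding."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = hashlib.md5(zf.read(info)).hexdigest()
            reason = classify_name(info.filename)
            if reason or digest in KNOWN_BAD_MD5:
                findings.append({"name": info.filename, "reason": reason,
                                 "md5": digest, "known_bad": digest in KNOWN_BAD_MD5})
    return findings

def build_sample_zip() -> bytes:
    """Constructed stand-in for Info04.zip; the payload is dummy text, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Info04.Doc" + "_" * 60 + ".exe", b"constructed placeholder, not malware")
        zf.writestr("readme.txt", b"harmless text")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

A mail gateway would run `scan_zip` over each attached archive and quarantine on any finding; the `known_bad` flag stays False for the constructed sample because its content is not the real file.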
