New version of the Zbot-I trojan
May 17, 2009
A message with the subject line “Fwd: Look and tell…”, intercepted by the zero-hour anti-virus at MX Lab, caught our attention. When we submitted the details to Virus Total, only 14 of the 40 AV engines detected it. The email has a ZIP file attached, named Info04.zip, and when extracted we got Info04.Doc_[lots of underscores]_…_.exe.
The body of the email:
Hello, webmaster.
I received it with my morning mail but it seems to me everything is yours.
Look and tell to delete it or don’t.–
Best regards,
webmaster mailto:webmaster@sylvia-gerl.net
This version of the malware itself doesn’t do much harm, judging by its activity. It creates a new file %Temp%\svchost [file and pathname of the sample #1], creates a new service svchost.exe, and adds one Windows registry entry.
Virus Total permalink and MD5: 16a2124b53d9d4746c77b9682a795e36.
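The attachment name described above (a document-looking extension, a long run of underscores, then .exe) is a pattern a mail gateway can check for inside ZIP attachments. The following is an added example, not code from MX Lab or from the original post; the extension lists, the 8-character padding threshold and the 60-underscore sample name are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumed lists and threshold for this example; tune them to your own gateway policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = ["doc", "docx", "jpg", "pdf", "rtf", "txt", "xls"]
DECOY = re.compile(r"\.(" + "|".join(DECOY_EXTS) + r")(?![A-Za-z0-9])", re.I)
PADDING_RUN = re.compile(r"[_\s.\-]{8,}")  # filler that pushes the real extension out of view


def classify_member(name):
    """Return the reasons an archive member name looks deceptive (empty list if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + ext.lower()]
    decoy = DECOY.search(stem)  # e.g. the ".Doc" in "Info04.Doc____"
    if decoy:
        reasons.append("decoy extension ." + decoy.group(1).lower())
    if PADDING_RUN.search(stem):
        reasons.append("padding run before the real extension")
    return reasons


def scan_zip_attachment(data):
    """Map each suspicious member name in a ZIP (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reasons = classify_member(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: harmless text stored under a name shaped like the one above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Info04.Doc" + "_" * 60 + ".exe", b"not a real executable")
        archive.writestr("notes.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip_attachment(build_sample_zip()).items():
        print(member[:16] + "...", "->", "; ".join(reasons))
```

Names are checked without extracting anything, so the scan can run on the attachment bytes before delivery.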
