Seems like Trj.Agent updates all the time.
Newer versions of Trj.Agent are doing more tricky rootkit techniques.
Have a look at this sample, thanks to Jaxryley:
http://www.mediafire.com/?3jmlljnmodj1zwm
Win32/Zeus (alias Zbot)
Win32/Zeus (alias Zbot)
Jay
seCURE Connexion Consultant
seCURE Connexion Consultant
Re: Newer Trj.Agent
Password is "infected" for anyone that didn't already know. Cheers.
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
PWS:Win32/Zbot
Hi,
i'm searching zeus3 droppers and an zeus3 builder.
perhaps somebody can share samples?
thx for your help
i'm searching zeus3 droppers and an zeus3 builder.
perhaps somebody can share samples?
thx for your help
-
EP_X0FF
- Global Moderator
- Posts: 4872
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
- Contact:
Re: [searching] zeus3
Hello,
not sure which version is it.
http://www.virustotal.com/file-scan/rep ... 1281966574
i can look for more samples earlier.
Regards.
not sure which version is it.
http://www.virustotal.com/file-scan/rep ... 1281966574
i can look for more samples earlier.
Regards.
You do not have the required permissions to view the files attached to this post.
Ring0 - the source of inspiration
Re: [searching] zeus3
yer this what i'm searching for 
when you find more it would be nice to post it. thx for your help
when you find more it would be nice to post it. thx for your help
Re: [searching] zeus3
Hi,
I just want to put a clarification relative to naming convenction, technically ZeuS v3 does not exists,
ZeuS has always the same structure and version numeration does not presents a jump..this is one another
mystification performed by some Vendor to fire up more pain
Actual intelligence does not reveal any evidence of ZeuS 3 existence
Regards,
Evilcry
I just want to put a clarification relative to naming convenction, technically ZeuS v3 does not exists,
ZeuS has always the same structure and version numeration does not presents a jump..this is one another
mystification performed by some Vendor to fire up more pain
Actual intelligence does not reveal any evidence of ZeuS 3 existence
Regards,
Evilcry
-
EP_X0FF
- Global Moderator
- Posts: 4872
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
- Contact:
Re: [searching] zeus3
Thanks for clarification
Here are more samples.
http://www.virustotal.com/file-scan/rep ... 1281972266
http://www.virustotal.com/file-scan/rep ... 1281972273
http://www.virustotal.com/file-scan/rep ... 1281972284
Here are more samples.
http://www.virustotal.com/file-scan/rep ... 1281972266
http://www.virustotal.com/file-scan/rep ... 1281972273
http://www.virustotal.com/file-scan/rep ... 1281972284
You do not have the required permissions to view the files attached to this post.
Ring0 - the source of inspiration
Re: [searching] zeus3
i want to say thx for files and info
searchin new zbot variannt
i'm searching this zbot variannt:
http://www.f-secure.com/weblog/archives/00002037.html
perhaps somebody can help.
http://www.f-secure.com/weblog/archives/00002037.html
perhaps somebody can help.