Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Tue Feb 28, 2012 5:25 pm

MD5: 4ec8894abc2508c3a2bb0adf209676cd
5/43

MD5: e2267467c9ee62583814cb2a6904a6e7
6/43
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby Aleksandra » Sat Mar 03, 2012 2:02 pm

MD5: 36d4b7bf9bf5f5d262e14b22b029c357
SHA1: d07b79f2a6b41583b2b5733dc1006593709ad6de
2/43
Aleksandra
 
Posts: 79
Joined: Sun Jun 05, 2011 9:34 pm
Reputation point: 22

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Sun Mar 04, 2012 5:56 pm

19 samples, observed last few days

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Mon Mar 12, 2012 9:13 am

17 droppers in archive

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Mon Mar 19, 2012 5:54 am

ZBot collection, observed over the last three months: http://narod.ru/disk/43976718001.6c9f15 ... t.zip.html

Unknown?

Postby Maxstar » Tue Mar 20, 2012 10:10 am

Just received by mail.

rapport.pdf.exe
https://www.virustotal.com/file/bce0e24 ... 332237452/
MD5: cff63a36b4d1b80d8daa31b371e04787
Detection ratio: 1 / 43

EDIT:
Possible Zbot, but I'm not sure.
Maxstar
 
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am
Reputation point: 39

Re: Unknown?

Postby EP_X0FF » Tue Mar 20, 2012 10:46 am

Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4764
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

Re: Trojan Zeus (alias ZBot)

Postby Neurofunk » Thu Mar 22, 2012 9:59 pm

https://www.virustotal.com/file/dcbb0b9 ... /analysis/
MD5: 9097a9675a50ac7ec4d98f175fd326d6
Detection ratio: 8 / 43
Neurofunk
 
Posts: 28
Joined: Tue Oct 25, 2011 5:28 pm
Reputation point: 12

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Mon Mar 26, 2012 6:05 am

Guys, great news :)
For the last 3 months ZBot was the most common trojan and stealer, with a huge number of various samples every day. But...
Microsoft and partners disrupt Zeus botnets http://blogs.technet.com/b/mmpc/archive/2012/03/25/microsoft-and-partners-disrupt-zeus-botnets.aspx

This week, Microsoft has partnered with security experts and the financial services industry on a new action codenamed Operation b71 to disrupt some of the worst known botnets using variants of the notorious Zeus malware (which we detect as Win32/Zbot).


http://blogs.technet.com/b/microsoft_bl ... tnets.aspx

Re: Trojan Zeus (alias ZBot)

Postby Neurofunk » Mon Mar 26, 2012 4:07 pm

Interesting, one of the C&Cs they mentioned shutting down is about 15 min from where I work (Lombard, IL). Seems kind of weird they'd put a C&C server inside the US, considering it is pretty trivial for the government to get a shutdown order issued; you'd think they'd want to keep it offshore somewhere.

edit: Well, I suppose since it was Microsoft it isn't a government operation, but really, if the right amount of money made it into someone's hands I'm sure it would have happened anyway ;)
