Win32/Zeus (alias Zbot)

Postby SecConnex » Wed Aug 04, 2010 6:15 pm

Seems like Trj.Agent updates all the time.

Newer versions of Trj.Agent are doing more tricky rootkit techniques.

Have a look at this sample, thanks to Jaxryley:

http://www.mediafire.com/?3jmlljnmodj1zwm
Jay
seCURE Connexion Consultant
SecConnex
 
Posts: 90
Joined: Sat May 01, 2010 3:35 am
Location: Ohio, United States
Reputation point: 8

Re: Newer Trj.Agent

Postby ssj100 » Wed Aug 04, 2010 10:07 pm

Password is "infected" for anyone that didn't already know. Cheers.
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
 
Posts: 61
Joined: Wed Aug 04, 2010 12:16 pm
Reputation point: 5

Re: Newer Trj.Agent

Postby SecConnex » Wed Aug 04, 2010 10:26 pm

Ooops. Thanks, ssj.
Jay
seCURE Connexion Consultant
SecConnex
 

PWS:Win32/Zbot

Postby markusg » Mon Aug 16, 2010 1:12 pm

Hi,
I'm searching for zeus3 droppers and a zeus3 builder.
Perhaps somebody can share samples?
Thx for your help
markusg
 
Posts: 713
Joined: Mon Mar 15, 2010 2:53 pm
Reputation point: 141

Re: [searching] zeus3

Postby EP_X0FF » Mon Aug 16, 2010 1:52 pm

You do not have the required permissions to view the files attached to this post.
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4765
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

Re: [searching] zeus3

Postby markusg » Mon Aug 16, 2010 2:45 pm

Yes, this is what I'm searching for :-)
When you find more it would be nice to post it. Thx for your help
markusg
 

Re: [searching] zeus3

Postby Evilcry » Mon Aug 16, 2010 2:56 pm

Hi,

I just want to put a clarification relative to the naming convention: technically ZeuS v3 does not exist,
ZeuS has always the same structure and version numeration does not present a jump... this is another
mystification performed by some Vendor to fire up more pain

Actual intelligence does not reveal any evidence of ZeuS 3 existence :)

Regards,
Evilcry
Evilcry
 
Posts: 135
Joined: Tue Apr 20, 2010 6:10 pm
Reputation point: 90

Re: [searching] zeus3

Postby EP_X0FF » Mon Aug 16, 2010 3:25 pm

You do not have the required permissions to view the files attached to this post.
Ring0 - the source of inspiration
EP_X0FF

Re: [searching] zeus3

Postby markusg » Wed Aug 18, 2010 1:09 pm

I want to say thx for the files and info :-)
markusg
 

searching new zbot variant

Postby markusg » Wed Sep 29, 2010 9:07 am

I'm searching for this zbot variant:
http://www.f-secure.com/weblog/archives/00002037.html
Perhaps somebody can help.
markusg
 
