
Re: Trojan Zeus (alias ZBot)

Posted: Mon Mar 26, 2012 4:26 pm
by rkhunter
I know that many U.S. companies/providers resell hosting to Eastern European companies, so this is not unusual.

Re: Trojan Zeus (alias ZBot)

Posted: Wed Mar 28, 2012 1:42 pm
by NarfBang
Interesting piece on NBC the other night.

http://www.msnbc.msn.com/id/21134540/vp ... 6#46815636

Re: Trojan Zeus (alias ZBot)

Posted: Thu Mar 29, 2012 9:31 am
by rkhunter

Re: Trojan Zeus (alias ZBot)

Posted: Thu Mar 29, 2012 1:58 pm
by Maxstar
I think this is also a Zbot / Zeus sample!

https://www.virustotal.com/file/8a30fbe ... /analysis/
MD5: c215cba7566628f984f8649f1218963a
Detection ratio: 3 / 42

Re: Trojan Zeus (alias ZBot)

Posted: Fri Mar 30, 2012 7:29 am
by rkhunter
New modifications of ZBot were observed in the last two days: PWS:Win32/Zbot.AES, PWS:Win32/Zbot.AET.
Droppers are in the attachment.

Re: Trojan Zeus (alias ZBot)

Posted: Fri Mar 30, 2012 7:32 am
by rkhunter
Maxstar wrote: I think this is also a Zbot / Zeus sample!
If I'm not mistaken, the archive actually has no password. Reupload, please.

Re: Trojan Zeus (alias ZBot)

Posted: Fri Mar 30, 2012 7:58 am
by Maxstar
rkhunter wrote:
Maxstar wrote: I think this is also a Zbot / Zeus sample!
If I'm not mistaken, the archive actually has no password. Reupload, please.
I can't edit my post anymore, but I will send a PM to one of the moderators.
I also uploaded this sample to Emsisoft and MBAM, and they don't want password-protected archives, so I uploaded the wrong archive here. Sorry. :oops:

Re: Trojan Zeus (alias ZBot)

Posted: Sun Apr 01, 2012 12:16 pm
by rkhunter
ZBot collection, observed over the last 10 days.

http://narod.ru/disk/44870347001.f93d33 ... t.zip.html

Re: Trojan Zeus (alias ZBot)

Posted: Mon Apr 02, 2012 1:51 am
by EP_X0FF
PWS Zbot extracted from BH EK. In the archive: dropper + unpacked.

4 / 42
https://www.virustotal.com/file/f2b32a4 ... /analysis/

Re: Trojan Zeus (alias ZBot)

Posted: Tue Apr 03, 2012 2:25 pm
by Evilcry
A gift from ZeuS for passengers of US Airways
http://www.securelist.com/en/blog/20819 ... US_Airways

The list of ZeuS MD5 hashes involved is available in the footer.