Re: Trojan Zeus (alias ZBot)

Posted: Tue Feb 28, 2012 5:25 pm
by rkhunter
MD5: 4ec8894abc2508c3a2bb0adf209676cd
5/43

MD5: e2267467c9ee62583814cb2a6904a6e7
6/43

Re: Trojan Zeus (alias ZBot)

Posted: Sat Mar 03, 2012 2:02 pm
by Aleksandra
MD5: 36d4b7bf9bf5f5d262e14b22b029c357
SHA1: d07b79f2a6b41583b2b5733dc1006593709ad6de
2/43

Re: Trojan Zeus (alias ZBot)

Posted: Sun Mar 04, 2012 5:56 pm
by rkhunter
19 samples, observed last few days

Re: Trojan Zeus (alias ZBot)

Posted: Mon Mar 12, 2012 9:13 am
by rkhunter
17 droppers in archive

Re: Trojan Zeus (alias ZBot)

Posted: Mon Mar 19, 2012 5:54 am
by rkhunter
ZBot collection, observed over the last three months http://narod.ru/disk/43976718001.6c9f15 ... t.zip.html

Unknown?

Posted: Tue Mar 20, 2012 10:10 am
by Maxstar
Just received by mail.

rapport.pdf.exe
https://www.virustotal.com/file/bce0e24 ... 332237452/
MD5: cff63a36b4d1b80d8daa31b371e04787
Detection ratio: 1 / 43

EDIT:
Possible zbot, but I'm not sure.

Re: Unknown?

Posted: Tue Mar 20, 2012 10:46 am
by EP_X0FF

Re: Trojan Zeus (alias ZBot)

Posted: Thu Mar 22, 2012 9:59 pm
by Neurofunk
https://www.virustotal.com/file/dcbb0b9 ... /analysis/
MD5: 9097a9675a50ac7ec4d98f175fd326d6
Detection ratio: 8 / 43

Re: Trojan Zeus (alias ZBot)

Posted: Mon Mar 26, 2012 6:05 am
by rkhunter
Guys, great news :)
In the last 3 months ZBot was the most common trojan and stealer, with a huge number of various samples every day. But...
Microsoft and partners disrupt Zeus botnets http://blogs.technet.com/b/mmpc/archive ... tnets.aspx
This week, Microsoft has partnered with security experts and the financial services industry on a new action codenamed Operation b71 to disrupt some of the worst known botnets using variants of the notorious Zeus malware (which we detect as Win32/Zbot).
http://blogs.technet.com/b/microsoft_bl ... tnets.aspx

Re: Trojan Zeus (alias ZBot)

Posted: Mon Mar 26, 2012 4:07 pm
by Neurofunk
Interesting, one of the C&C's they mentioned shutting down is about 15 min from where I work (Lombard, IL). Seems kind of weird they'd put a C&C server inside the US; considering it is pretty trivial for the government to get a shutdown order issued, you'd think they'd want to keep it offshore somewhere.

edit: Well, I suppose since it was Microsoft it isn't a government operation, but really, if the right amount of money made it into someone's hands I'm sure it would have happened anyway ;)