A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #11872  by rkhunter
 Tue Feb 28, 2012 5:25 pm
MD5: 4ec8894abc2508c3a2bb0adf209676cd
5/43

MD5: e2267467c9ee62583814cb2a6904a6e7
6/43
 #11946  by Aleksandra
 Sat Mar 03, 2012 2:02 pm
MD5: 36d4b7bf9bf5f5d262e14b22b029c357
SHA1: d07b79f2a6b41583b2b5733dc1006593709ad6de
2/43
 #11955  by rkhunter
 Sun Mar 04, 2012 5:56 pm
19 samples, observed over the last few days
 #12070  by rkhunter
 Mon Mar 12, 2012 9:13 am
17 droppers in archive
 #12345  by rkhunter
 Mon Mar 26, 2012 6:05 am
Guys, great news :)
For the last 3 months ZBot was the most common trojan and stealer, with a huge number of various samples every day. But...
Microsoft and partners disrupt Zeus botnets http://blogs.technet.com/b/mmpc/archive ... tnets.aspx
This week, Microsoft has partnered with security experts and the financial services industry on a new action codenamed Operation b71 to disrupt some of the worst known botnets using variants of the notorious Zeus malware (which we detect as Win32/Zbot).
http://blogs.technet.com/b/microsoft_bl ... tnets.aspx
 #12353  by Neurofunk
 Mon Mar 26, 2012 4:07 pm
Interesting, one of the C&Cs they mentioned shutting down is about 15 min from where I work (Lombard, IL). Seems kind of weird they'd put a C&C server inside the US considering it is pretty trivial for the government to get a shutdown order issued; you'd think they'd want to keep it offshore somewhere.

Edit: Well, I suppose since it was Microsoft it isn't a government operation, but really if the right amount of money made it into someone's hands I'm sure it would have happened anyways ;)