A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #12345  by rkhunter
 Mon Mar 26, 2012 6:05 am
Guys, great news :)
For the last 3 months ZBot was the most common trojan and stealer, with a huge number of various samples every day. But...
Microsoft and partners disrupt Zeus botnets http://blogs.technet.com/b/mmpc/archive ... tnets.aspx
This week, Microsoft has partnered with security experts and the financial services industry on a new action codenamed Operation b71 to disrupt some of the worst known botnets using variants of the notorious Zeus malware (which we detect as Win32/Zbot).
http://blogs.technet.com/b/microsoft_bl ... tnets.aspx
 #12353  by Neurofunk
 Mon Mar 26, 2012 4:07 pm
Interesting, one of the C&Cs they mentioned shutting down is about 15 min from where I work (Lombard, IL). Seems kind of weird they'd put a C&C server inside the US, considering it is pretty trivial for the government to get a shutdown order issued; you'd think they'd want to keep it offshore somewhere.

edit: Well, I suppose since it was Microsoft it isn't a government operation, but really, if the right amount of money made it into someone's hands I'm sure it would have happened anyways ;)