Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Trojan.Zbot
Showing posts in English
Hon Lau | 01 Dec 2009 18:53:34 GMT

Piggybacking (pun intended) on the swine flu pandemic is the Zeus bot crew, whose latest offering comes in the guise of an email purporting to come from the CDC (Center for Disease Control). The email contains a link to a bogus Web page that is made to look like an official CDC page.
The content of the page asks you to create a profile that will then enable you to get the H1N1 flu vaccine.
The subject lines used in the emails are quite variable; for example, the following have been seen:

•        Instructions on creation of your personal Vaccination Profile

•        Governmental registration program on the H1N1 vaccination

Patrick Fitzgerald | 23 Nov 2009 16:27:01 GMT

Once again Zeus is up to its old tricks with a new twist.  The latest spam run informs users that their latest Social Security statement is available but it may contain errors.  The subject of the mail will be something like “Review annual Social Security statement“ and the body warns of a potential identity theft risk and asks you to review your annual statement at the link they provide.

Figure 1. An example of the Spam

If you follow this link you will arrive at the following page:
Figure 2. This fake page asks for your social...

Mayur Kulkarni | 19 Nov 2009 21:35:04 GMT

We are monitoring new malicious attacks that look similar to the fake "Microsoft Outlook reconfigure" spam campaign messages we have been observing for the last couple of months. That malicious campaign was followed by attacks on social networking sites, transforming from malicious code attacks into URL-based phishing attacks. These new attacks have similar traits, such as the spoofed “From” headers, which aggressively target and baffle enterprise users, and a subject line that is intended to cause panic (for obvious reasons—have a look at the example image below).


As seen in the message above, the mail attachment is a zipped file named “” that extracts an executable detected as Trojan.Dropper by Symantec antivirus. Using HTTP, this threat...

Eric Chien | 18 Nov 2009 19:54:37 GMT

Zeus is a botnet package that allows for the easy creation and command and control of a botnet.  We've discussed Zeus previously in Zeus, King of the Underground Crimeware Toolkits. The main purpose of Zeus is to steal online credentials such as online banking passwords, but it can be configured to steal passwords from any online site. 

Today, the BBC is reporting that police in the UK have arrested two suspects in relation to Zeus. While the details are preliminary, the two likely appear to be users of the Zeus botnet package rather than the actual creators, and thus the prevalence and usage of Zeus is likely to continue.

We've created a research paper providing more in-depth information on Zeus, including how the bot is created, what functionality it has, and additional...

Peter Coogan | 04 Nov 2009 19:26:49 GMT

The Fragus exploit pack showed up on our radar a few months ago and has been steadily growing to become one of the most prevalent exploit packs being seen in the wild today by Symantec. It is similar to other popular exploit packs available—such as Unique, YES, Eleonore, and Liberty—but it brings some new and interesting features with it. Exploit packages are generally designed as a means to allow attackers to group and serve exploits from their website against the browsers of unsuspecting visitors. It is done in a nice GUI form, hosted on a Web server, and allows the attacker to generally choose which exploits to run. Once exploited, a final payload is served to the system. All of this is dished up in a control panel with some nice statistics on how successful the campaign has been.  


Peter Coogan | 25 Aug 2009 19:43:45 GMT

The Zeus crimeware toolkit has been around now for some time and is well established in the underground economy as being an easy-to-use and powerful tool for stealing personal data from remote systems. Initially linked to a group of criminals known as the “Rock Phish” group and targeting worldwide financial institutions, the toolkit has since become widely available both for sale and for free on underground forums.

The following video provides an insight into the Zeus crimeware toolkit, the underground economy, and distribution methods for the Trojan:


Liam O Murchu | 25 Apr 2008 23:25:31 GMT | 0 comments

The problem: You develop a software package that you want to sell in the underground community. However, your buyers are not the most reputable/trustworthy people. How do you prevent your product from being purchased once and then distributed freely afterwards? How do you enforce your “copyright”?

The solution: Ask the antivirus companies to help you out.

Here is a perfect example. The screen shot below is taken from a typical underground software package. Shown in the screen shot are the terms and conditions of the sale—the “licensing agreement.” Yes, that’s right; some underground packages come with a licensing agreement. The document is written in Russian, but a translation is provided below.