Wednesday, January 30, 2008

New Zlob Trojan Distributing Site

New Zlob Trojan Distributing Site


Site Name: pvgadget.com
IP address: 85.255.118.181
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.pvgadget.com [85.255.118.181
ns2.pvgadget.com [85.255.118.182]

The Zlob Trojan stealthy installs VirusProtect 3.9 [virusprotectpro(dot)com] (a well documented rogue security application)

The installer from the site was scanned and here are the results:

Virustotal Scan Result: 7/32 (21.88%)

AntiVir 7.6.0.57 2008.01.29 DR/Zlob.Gen
AVG 7.5.0.516 2008.01.30 Downloader.Zlob.RN
BitDefender 7.2 2008.01.30 DeepScan:Generic.Zlob.7.E65C926C
ClamAV 0.91.2 2008.01.29 Trojan.Dropper-2529
F-Prot 4.4.2.54 2008.01.29 W32/Zlob.I.gen!Eldorado
Microsoft 1.3109 2008.01.28 TrojanDownloader:Win32/Zlob.gen!AL
Webwasher-Gateway 6.6.2 2008.01.29 Trojan.Dropper.Zlob.Gen

Sunbelt Sandbox analysis here

Stay away from this site.

Bharath M N

Posted by Bharath M Narayan at 9:07 AM  

blog comments powered by Disqus
Subscribe to: Post Comments (Atom)