Saturday, January 24, 2009

Zlob Trojan is it the END?

Andy @Security Cadets wrote a blog post about a potential end of Zlob Trojan.

I have been following up on this Trojan for quite some time, SpyAxe being the first Zlobvertised rogue and Astrum Antivirus Pro being the last one.

iSafe AntiVirus, another rogue from this gang, was supposed to be replacing Astrum Antivirus Pro, but fortunately the termination of Zlob didn't see this rogue getting Zlobvertised. is said to be the first site to begin the fake codec scam and seems to be the last site used for the fake codec scam (not sure if this was the last site).

S!Ri’s SmitfraudFix is one of the tools that was instrumental in tackling this scam. Patrick Jordan’s site has the historical records of the various sites used in the Zlob scam. You can find the site here.

Recently S!Ri found a message left by the Zlob developers in reply to Microsoft’s blog post.

Hidden Message:

For Windows Defender's Team:
I saw your post in the blog (10-Oct-2008) about my previous message.
Just want to say 'Hello' from Russia.
You are really good guys.
It was a surprise for me that Microsoft can respond on threats so fast.
I can't sign here now (he-he, sorry), how it was some years ago for more seriously vulnerability for all Windows ;)
Happy New Year, guys, and good luck!

P.S. BTW, we are closing soon. Not because of your work. :-))
So, you will not see some of my great ;) ideas in that family of software.
Try to search in exploits/shellcodes and rootkits.
Also, it is funny (probably for you), but Microsoft offered me a job to help
improve some of Vista's protection. It's not interesting for me, just a life's irony.

It’s really good news that 4 years of the Zlob trojan's malicious trot finally come to an end. The malware author also mentions “Try to search in exploits/shellcodes and rootkits”.

So look out for the new scams that are on their way.

Bharath M N

P.S. If you find any mistakes in the Zlob history outlined above, please feel free to drop a comment.