Wednesday, May 7, 2008

New Component sites from SSH Zlob Trojan

New Component sites from SSH Zlob Trojan

What’s New? Well they have designed a pair on new icons that is usually placed on the desktop of the infected machine and below is the rest of the story.




Zlob Trojan Distributing sites

Site Name: Wmvtool.com
IP Address: 85.255.120.110

Site Name: Avitool.com
IP Address: 85.255.118.178


Scam Internet Security Page:
Site Name: Instantsafepage.com
IP Address: 85.255.116.212

Screenshot of Instantsafepage.com site


404Errorpage Scam:
Site Name: Iednsallerror.com
IP Address: 85.255.118.242

Screenshot of Iednsallerror.com site

Also the sites Dnspoles.com and 404dnspage.com shares the same ip and its also a 404Errorpage Scam component site.

Security Guide Scam Page:
Site Name: Safeshortcuts.com
IP Address: 85.255.118.210

Screenshot of Safeshortcuts.com/soft page

Screenshot of Safeshortcuts.com/test/ page


Ad-Server-Gate Pages:
Site Name: Gategq.com
IP Address: 85.255.118.37

Site Name: Gatebm.com
IP Address: 85.255.118.38

The Ad-Server-Gate pages redirects to fake Security center site Secureinfotool.com which promotes Rogue security applications.

Site Name: Secureinfotool.com
IP Address: 85.255.118.34

Screenshot of Secureinfotool.com site


Also the following site is used in Zlob tool bar to redirect users to malicious domains.

Site Name: Toolbarset.com
IP Address: 85.255.118.36


All the above mentioned sites advertise well documented Rogue security applications. Stay away from these sites.

Bharath M N

Posted by Bharath M Narayan at 8:46 PM  

blog comments powered by Disqus
Subscribe to: Post Comments (Atom)