Zlob trojan

The Zlob Trojan, identified by some antivirus products as Trojan.Zlob, is a trojan horse that masquerades as a needed video codec in the form of an ActiveX component. It was first detected in late 2005, but only started gaining attention in mid-2006.[1]

Once installed, it displays popup ads that look similar to real Microsoft Windows warning popups, informing the user that their computer is infected with spyware. Clicking these popups triggers the download of a fake anti-spyware program (such as Virus Heat or MS Antivirus (Antivirus 2009)) in which the trojan horse is hidden.[1]

The group that created Zlob has also created a Mac trojan with similar behaviours, named RSPlug.[2] Some variants of the Zlob family, such as the so-called DNSChanger, add rogue DNS name servers to the Registry of Windows-based computers[3] and attempt to hack into any detected router to change its DNS settings, and could therefore potentially re-route traffic from legitimate web sites to other, suspicious web sites.

The trojan has also been linked to downloading atnvrsinstall.exe, which uses the Windows Security shield icon to look like an antivirus installation file from Microsoft. Running this file can wreak havoc on computers and networks. One symptom is random computer shutdowns or reboots with random comments. This is caused by the programs using Scheduled Tasks to run a file called "zlberfker.exe".

PHSDL (Project Honeypot Spam Domains List)[4] tracks and catalogues Zlob spam domains. Some of the domains on the list redirect to porn sites and various video-watching sites that show a number of inline videos. Clicking on a video to play it triggers a request to download an ActiveX codec, which is malware. It prevents the user from closing the browser in the usual manner. Other variants of the Zlob Trojan installation take the form of a computer scan that comes as a Java cab.[5]

There is evidence that the Zlob trojan might be a tool of the Russian Business Network[6] or at least of Russian origin.[7]

See also

  • Search-daily Hijacker

External links

Anti Zlob Malware Forums


Wikimedia Foundation. 2010.
