Zeus Bot Malware


All times are UTC - 5 hours [ DST ]


Posted: Tue Feb 23, 2010 2:12 pm
Spam Muncher
Joined: Tue Jan 02, 2007 11:04 am
Posts: 842
The two links, users.qwest.net/~benpeg72/Secure/wanadoo.swf and users.qwest.net/~lorddaven/Links/FlashPlayer10.0.45.2.exe, are still active. I have forwarded them to abuse (at) qwest.net and us-cert.gov, but I have had no answers/action.

Kaspersky detects it as Trojan-Spy.Win32.Zbot.afjs.

It is a malware/trojan detected by 16/41 antivirus companies.
See there:

http://www.threatexpert.com/report.aspx ... 84c6444429

http://www.virustotal.com/en/analisis/7 ... 1266948016

http://virscan.org/report/0d078e9f8cddf ... 14c9d.html

Code:
                                                                 
Return-Path: <xxxxxxxxxx>
Received: from mwinf2b09.orange.fr (mwinf2b09 [10.232.22.37]) by mwinb7603 with LMTPA; Mon, 22 Feb 2010 07:34:41 +0100
X-Sieve: CMU Sieve 2.3
X-Bcc: xxxxxxxxxxxxxxxxxxxxxx
Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf2b09.orange.fr (SMTP Server) with ESMTP id 9329C1C000A7 for <[email protected]>; Mon, 22 Feb 2010 07:34:41 +0100 (CET)
Received: from orange (AMarseille-553-1-225-12.w92-153.abo.wanadoo.fr [92.153.17.12]) by mwinf2b09.orange.fr (SMTP Server) with SMTP id 2357A1C00051 for <xxxxxxxxxxxxx>; Mon, 22 Feb 2010 07:34:39 +0100 (CET)
X-ME-UUID: [email protected]
Content-Transfer-Encoding: 7bit
From: "Daisy" <xxxxxxxxxx>
To: <xxxxxxxxxxx>
Subject: [spam] oui ?
MIME-Version: 1.0
Content-Type: text/html;
   charset="iso-8859-1"
X-Antivirus: avast! (VPS 100221-1, 21/02/2010), Outbound message
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7600.16385
X-Antivirus-Status: Clean
Message-ID: <[email protected]>
X-SpamFlt-Status: Not Detected
Date: Mon, 22 Feb 2010 07:34:39 +0100 (CET)
X-me-spamlevel: not-spam
X-me-spamrating: 40.000000
X-me-spamcause:  OK, (0)(0000)gggruggvucftvghtrhhoucdtuddrvdeltddrgedvgddvudduhecuteggodetufdouefnucfrrhhofhhilhgvmecuoffgnecuuegrihhlohhuthemuceftddtnecu
X-Text-Classification: spam
X-POPFile-Link: http://127.0.0.1:8080/jump_to_message?view=9892


<EMBED height=360
type=application/x-shockwave-flash width=634
src=http://www.users.qwest.net/~benpeg72/Secure/wanadoo.swf</FONT>
</FONT>
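
Added example (not part of the original post or thread): Python triage of the message quoted above, trimmed to the lines the code reads, pulling out what an abuse report needs: the hop where the mail entered from a public address and the host serving the embedded object. It assumes the topmost Received headers were stamped by the recipient's own provider; the function names are illustrative.

```python
import email
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input: the message quoted in the post, trimmed to the lines read below.
RAW = """\
Received: from mwinf2b09.orange.fr (mwinf2b09 [10.232.22.37]) by mwinb7603 with LMTPA; Mon, 22 Feb 2010 07:34:41 +0100
Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf2b09.orange.fr (SMTP Server) with ESMTP id 9329C1C000A7; Mon, 22 Feb 2010 07:34:41 +0100 (CET)
Received: from orange (AMarseille-553-1-225-12.w92-153.abo.wanadoo.fr [92.153.17.12]) by mwinf2b09.orange.fr (SMTP Server) with SMTP id 2357A1C00051; Mon, 22 Feb 2010 07:34:39 +0100 (CET)
Subject: [spam] oui ?
Content-Type: text/html; charset="iso-8859-1"

<EMBED height=360
type=application/x-shockwave-flash width=634
src=http://www.users.qwest.net/~benpeg72/Secure/wanadoo.swf</FONT>
</FONT>
"""

HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)")
# Tolerant on purpose: the quoted tag never closes, so stop at whitespace, quotes or '<'.
SRC = re.compile(r"""\bsrc\s*=\s*["']?(https?://[^\s"'<>]+)""", re.I)

def external_handoff(msg):
    """Walk Received headers newest-first; return the first hop with a public IP.

    Each relay prepends its header, so the topmost ones come from the
    receiving side. Headers below the first public hop can be forged by
    the sender and are not inspected.
    """
    for header in msg.get_all("Received", []):
        m = HOP.search(" ".join(header.split()))
        if m and ipaddress.ip_address(m.group(3)).is_global:
            helo, rdns, ip, stamped_by = m.groups()
            return {"helo": helo, "rdns": rdns, "ip": ip, "stamped_by": stamped_by}
    return None

def triage(raw):
    """Collect the sending hop and the remotely hosted objects of a single-part message."""
    msg = email.message_from_string(raw)
    urls = SRC.findall(msg.get_payload())
    return {
        "handoff": external_handoff(msg),
        "remote_objects": urls,
        "hosting": sorted({urlsplit(u).hostname for u in urls}),
    }

if __name__ == "__main__":
    print(triage(RAW))
```
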





Posted: Wed Feb 24, 2010 5:09 am
Spam Muncher
Joined: Tue Jan 02, 2007 11:04 am
Posts: 842
The two links are down! :D


Posted: Wed Feb 24, 2010 10:44 am
Spammers' Nightmare
Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Good, glad to hear Qwest took those down. I haven't reported much of anything to them recently, so good to know they are responsive.

