Monday, December 22, 2008

Zlob updates

Here are some of the new Zlob trojan spreading domains: ( ( ( ( (

One Zlob variant (named wmpcdcs.exe, hosted at ) uses the Microsoft Windows Background Intelligent Transfer Service (BITS) to communicate with rogue servers and transfer data. Since BITS is a trusted Windows component, firewalls don't block it, making it easy for malware to download files from remote servers (info here and here). An automated analysis of this malware is available at ThreatExpert here.
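
Because BITS traffic passes through firewalls as trusted, reviewing the BITS job queue itself is one way to spot this behaviour. The following is an added example, not part of the original post: it flags BITS job files whose remote host is outside an allowlist. The function name `Find-UnexpectedBitsJob`, the allowlist, the host `rogue.example` and the sample jobs are constructed assumptions; only the file name `wmpcdcs.exe` comes from the post.

```powershell
# Added example, not from the original post.
# Assumption: hosts this environment expects BITS to contact. Adjust per site.
$AllowedHosts = @('download.windowsupdate.com', 'updates.corp.example')

function Find-UnexpectedBitsJob {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Job,
        [string[]] $Allowed = $AllowedHosts
    )
    process {
        foreach ($file in $Job.FileList) {
            $uri = $null
            # RemoteName is the URL side of the transfer; skip entries that do not parse.
            if (-not [Uri]::TryCreate([string]$file.RemoteName, [UriKind]::Absolute, [ref]$uri)) { continue }
            # -contains compares strings case-insensitively.
            if ($Allowed -contains $uri.Host) { continue }
            [pscustomobject]@{
                JobName    = $Job.DisplayName
                Owner      = $Job.OwnerAccount
                RemoteHost = $uri.Host
                LocalName  = $file.LocalName
                # Executable content fetched over BITS deserves a closer look.
                Executable = [bool]($file.LocalName -match '\.(exe|dll|scr|bat|cmd|ps1)$')
            }
        }
    }
}

# Constructed sample jobs using the property names that Get-BitsTransfer job objects expose.
$sample = @(
    [pscustomobject]@{
        DisplayName = 'WU Client Download'; OwnerAccount = 'NT AUTHORITY\SYSTEM'
        FileList = @([pscustomobject]@{
            RemoteName = 'http://download.windowsupdate.com/a.cab'
            LocalName  = 'C:\Windows\SoftwareDistribution\a.cab' })
    },
    [pscustomobject]@{
        DisplayName = 'job1'; OwnerAccount = 'PC\user'
        FileList = @([pscustomobject]@{
            RemoteName = 'http://rogue.example/wmpcdcs.exe'
            LocalName  = 'C:\Users\user\AppData\Local\Temp\wmpcdcs.exe' })
    }
)

# Only the second job is reported: its host is not on the allowlist.
$sample | Find-UnexpectedBitsJob | Format-Table -AutoSize

# On a live host with the BitsTransfer module, from an elevated session:
#   Get-BitsTransfer -AllUsers | Find-UnexpectedBitsJob
```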

