Tag Archives: ZBot
A ZBot trojan variant in emails pretending to come from DHL
We all thought that the days of ZBot trojan are long gone, but maybe it was only our hope and not the reality. We have started to detect in an aggressive spam campaign with emails pretending to come from DHL, … Continue reading
Fake Certificate in Malware – with Message
The malware authors every now and then send us virus researchers some messages. For example in the compiled binary itself, or as debug output. Now we found a Zbot Trojan variant which tries to evade detection by carrying a digital … Continue reading
Malware signed with fake Avira Certificate
While analyzing new malware samples we stumbled over a sample which contains a digital Avira signature. Something we need to check! Viewing the properties of the digital signature, Microsoft Windows shows a note “A certificate chain processed, but terminated in … Continue reading
Kneber-Botnet – something new?
The news spreads on the net that a new, giant botnet has been detected, named “Kneber”. It seems to have hijacked more than 75,000 PCs world-wide, also in companies and government nets. Upon closer investigation it turns out that the … Continue reading
ZeuS-Botnet: Command&Control in the Cloud
The ZeuS Tracker project stumbled upon a ZBot variant which used Amazons Cloud hosting service EC2 as Command&Control (C&C) server. ZBot is a widespread trojan which can spy on online banking credentials and steals other login information. It gets sold … Continue reading