Zbot IM and invoice_8612112

Another repacked variant of Zbot, the banking password stealer component of the all-too-common exploit/trojan kit Zeus, is being distributed over Yahoo! Messenger, in email, and being downloaded via web browser. There is no regional concentration, we’ve seen triggers in Argentina, Alaska, Philippines, Romania, California — it’s globally distributed. Detection is poor and this variant has been obfuscated well.

Do not fall for IM messages or email claiming to warn you of a UPS delivery failure, carrying a zip archive (invoice_8612112.zip) and containing a filename like invoice_8612112.exe. If you do see such a thing, please make a copy of the text of the message and contact us in our comments section. It seems to be changing. Do not run the file.

This entry was posted in The Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>