|
|
|
|
|||||||
| Forums | Portal | Register | Forum Rules | FAQ | Contribute | Members List | Arcade | Search | Today's Posts | Mark Forums Read |
| Malware Advisories (RSS) Malware Security Advisories Via RSS |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Troj_zbot.op | iBot | Malware Advisories (RSS) | 0 | 07-17-2008 07:50 PM |
| Troj_zbot.nj | iBot | Malware Advisories (RSS) | 0 | 07-09-2008 09:10 PM |
| Troj_zbot.mz | iBot | Malware Advisories (RSS) | 0 | 06-30-2008 10:10 AM |
| Troj_zbot.lm | iBot | Malware Advisories (RSS) | 0 | 06-27-2008 01:10 AM |
| Troj_zbot.mh | iBot | Malware Advisories (RSS) | 0 | 06-18-2008 06:20 AM |
 |
|
|
Submit Tools | LinkBack | Thread Tools | Search this Thread | Display Modes |
|
#1
07-25-2008
|
||||
|
||||
|
Troj_zbot.pg
This Trojan arrives as a downloaded file from a certain URL.
It downloads a configuration file from a certain Web site. The said file contains information where the Trojan can download an updated copy of itself, and where to send its stolen data. This configuration file also contains targeted bank-related Web sites to monitor from which it steals information. Once users access any of the monitored sites, this Trojan starts logging keystrokes. It saves gathered information in a file then sends it to a remote site through HTTP post. It creates a mutex to ensure that only one instance of itself is running in memory. It modifies the windows HOST file to restrict user to access certain domains. It checks for the presence of processes which are related to Outpost Personal Firewall and ZoneLabs Firewall Client. It then terminates the said processes. It has rootkit capabilities, which enables it to hide its processes and files from the user. More... 
|
||||
| Google The UNIX and Linux Forums |
| Forum Sponsor | ||
|
|
|
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Linear Mode
