The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > Security > Malware Advisories (RSS)
Google UNIX.COM


Malware Advisories (RSS) Malware Security Advisories Via RSS

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Troj_zbot.pk iBot Malware Advisories (RSS) 0 07-25-2008 09:20 PM
Troj_zbot.oy iBot Malware Advisories (RSS) 0 07-23-2008 04:20 AM
Troj_zbot.ox iBot Malware Advisories (RSS) 0 07-21-2008 07:00 PM
Troj_zbot.om iBot Malware Advisories (RSS) 0 07-17-2008 07:50 PM
Troj_zbot.mh iBot Malware Advisories (RSS) 0 06-18-2008 06:20 AM

Reply
 
Submit Tools LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-26-2008
iBot's Avatar
RSS Robot Girl
 

Join Date: Sep 2000
Posts: 14,302
Troj_zbot.pq

This Trojan arrives on a system as a file dropped by other malware or as a downloaded file from http://{BLOCKED}v.ru/test/ldr.exe.

It downloads an encrypted configuration file from http://{BLOCKED}v.ru/test/cfg.bin. Once decrypted, the downloaded configuration file contains a list of financial-related Web sites which this Trojan monitors. Note that the contents of the file, hence the list of Web sites to monitor, may change any time.

This Trojan attempts to steal sensitive online banking information. When a user attempts to access any of the monitored sites in the configuration file, it captures user input, specifically those entered in the input boxes designed for user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.

The gathered information is then sent to http://{BLOCKED}v.ru/test/s.php via HTTP POST.

This Trojan terminates itself once firewall-related processes are running in the system.



More...
Reply With Quote
Google The UNIX and Linux Forums
Forum Sponsor
Reply

Thread Tools
Display Modes




All times are GMT -7. The time now is 08:13 AM.


Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.
The UNIX and Linux Forums Content Copyright ©1993-2008. All Rights Reserved.Ad Management by RedTyger Visit The Global Fact Book

Content Relevant URLs by vBSEO 3.2.0