Troj_zbot.pr


 
07-28-2008
Troj_zbot.pr

This malware arrives as a file downloaded from a certain URL.

Upon execution, it drops a copy of itself in the system folder. It creates a folder with the System and Hidden attributes set. It then creates non-malicious files.

It injects itself into certain legitimate processes as part of its memory residency routine.

It attempts to access a Web site to download a configuration file. This file tells the malware where it can download an updated copy of itself and where to send its stolen data. It also contains a list of targeted bank-related Web sites that the malware monitors and steals information from.

Once users access any of the monitored sites, this malware starts logging keystrokes. It attempts to retrieve information, such as user names and passwords, from the Web sites of certain financial institutions. This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.

The information stolen by this malware is saved in a file and is then sent to a server via HTTP POST.


