Troj_zbot.pr


 
07-28-2008
Troj_zbot.pr

This malware arrives as a file downloaded from a certain URL.

Upon execution, it drops a copy of itself in the system folder. It creates a folder with attributes System and Hidden. It then creates the non-malicious files.

It injects itself into certain legitimate processes as part of its memory residency routine.

It attempts to access a Web site to download a file which contains information on where this malware can download an updated copy of itself, and where to send its stolen data. This configuration file also contains a list of targeted bank-related Web sites to monitor from which this malware steals information.

Once users access any of the monitored sites, this malware starts logging keystrokes. It attempts to retrieve information from Web sites of certain financial-related institutions, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.

The information stolen by this malware is saved in a file and is then sent to a server via HTTP POST.
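
A defender-side check for the network pattern described above (a configuration download followed by stolen data sent via HTTP POST), as an added example that is not part of the original advisory. The proxy log format, host names, content-type test and POST threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed proxy log lines (not from the advisory): time, client, method,
# host, path, response content type, referer ("-" = none), request body bytes.
SAMPLE_LOG = """\
09:00:01 10.0.0.5 GET www.bank.example /login text/html https://www.bank.example/ 0
09:00:07 10.0.0.5 POST www.bank.example /auth text/html https://www.bank.example/login 212
09:01:10 10.0.0.7 GET cfg.placeholder.example /u.bin application/octet-stream - 0
09:03:30 10.0.0.7 GET www.bank.example /login text/html https://www.bank.example/ 0
09:03:41 10.0.0.7 POST drop.placeholder.example /g.php text/html - 1840
09:23:41 10.0.0.7 POST drop.placeholder.example /g.php text/html - 920
09:43:42 10.0.0.7 POST drop.placeholder.example /g.php text/html - 2210
09:50:00 10.0.0.9 POST api.updates.example /ping application/json - 64
"""

def parse(line):
    t, client, method, host, path, ctype, referer, size = line.split()
    return dict(time=t, client=client, method=method, host=host, path=path,
                ctype=ctype, referer=None if referer == "-" else referer,
                size=int(size))

def find_suspects(log_text, min_posts=3):
    """Return {client: {"config": [...], "drop": {host: total_bytes}}} for clients
    that fetched a referer-less binary and later sent >= min_posts referer-less
    POSTs to a single host they never browsed with a Referer header."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    browsed = defaultdict(set)        # client -> hosts requested with a Referer
    for e in events:
        if e["referer"]:
            browsed[e["client"]].add(e["host"])
    config_seen = defaultdict(list)   # client -> referer-less binary downloads
    posts = defaultdict(lambda: defaultdict(list))  # client -> host -> body sizes
    for e in events:                  # assumption: log lines are in time order
        c = e["client"]
        binary = e["ctype"] == "application/octet-stream"
        if e["method"] == "GET" and not e["referer"] and binary:
            config_seen[c].append(e["host"] + e["path"])
        elif (e["method"] == "POST" and not e["referer"] and config_seen[c]
              and e["host"] not in browsed[c]):
            posts[c][e["host"]].append(e["size"])
    suspects = {}
    for c, hosts in posts.items():
        drop = {h: sum(s) for h, s in hosts.items() if len(s) >= min_posts}
        if drop:
            suspects[c] = {"config": config_seen[c], "drop": drop}
    return suspects

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

Legitimate updaters and telemetry agents can match the same shape, so a hit is a lead for host triage (the dropped copy in the system folder, the Hidden and System folder) rather than a verdict.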


