Troj_zbot.pr


 
07-28-2008

This malware arrives as a file downloaded from a certain URL.

Upon execution, it drops a copy of itself in the system folder. It creates a folder with the System and Hidden attributes. It then creates non-malicious files.

It injects itself into certain legitimate processes as part of its memory residency routine.

It attempts to access a Web site to download a configuration file, which contains information on where this malware can download an updated copy of itself and where to send its stolen data. This configuration file also contains a list of targeted bank-related Web sites that the malware monitors and steals information from.

Once users access any of the monitored sites, this malware starts logging keystrokes. It attempts to retrieve information, such as user names and passwords, from the Web sites of certain financial-related institutions. This routine risks exposing the user's account information, which may then lead to the unauthorized use of the stolen data.

The information stolen by this malware is saved in a file and is then sent to a server via HTTP POST.
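
A triage sketch for the file-system behaviour described above (a copy dropped in the system folder plus a folder marked System and Hidden), added here as an example and not part of the original advisory. It assumes the system folder is `%SystemRoot%\System32` and uses a 10-minute correlation window; the function name and both defaults are hypothetical choices for illustration.

```powershell
# Added triage example, not from the advisory.
# Assumptions: system folder = %SystemRoot%\System32, 10-minute correlation window.
function Find-HiddenSystemDropCandidates {
    param(
        [string]$SystemFolder = (Join-Path $env:SystemRoot 'System32'),
        [int]$WindowMinutes = 10
    )

    $mask = [System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System

    # -Force is required, otherwise hidden and system items are not listed.
    $items = Get-ChildItem -LiteralPath $SystemFolder -Force -ErrorAction SilentlyContinue

    # Directories directly under the system folder that carry BOTH attributes.
    $dirs = $items | Where-Object { $_.PSIsContainer -and (($_.Attributes -band $mask) -eq $mask) }

    # Executables directly under the system folder (candidate dropped copies).
    $exes = $items | Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' }

    foreach ($dir in $dirs) {
        # Keep executables whose creation time is close to the folder's.
        $near = $exes | Where-Object {
            [math]::Abs(($_.CreationTimeUtc - $dir.CreationTimeUtc).TotalMinutes) -le $WindowMinutes
        }
        foreach ($exe in $near) {
            [pscustomobject]@{
                Folder        = $dir.FullName
                FolderCreated = $dir.CreationTimeUtc
                Executable    = $exe.FullName
                ExeCreated    = $exe.CreationTimeUtc
                # Unsigned or invalid signatures deserve a closer look first.
                Signature     = (Get-AuthenticodeSignature -FilePath $exe.FullName).Status
                SHA256        = (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

Find-HiddenSystemDropCandidates | Sort-Object FolderCreated | Format-List
```

Windows itself ships some directories with both attributes, and creation timestamps can be altered, so the output is a list of candidates to review rather than a verdict.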


