New Zbot Malware [Solved]

Dear All,

As I promised to DavidR and Polonus, here is again the new analysis information on the new Zbot trojan, which avast still does not detect.

The summary report indicates about 23.3%, meaning around 10 AV engines have detected this variant.

source : http://www.virustotal.com/file-scan/report.html?id=ba63801a9adc7d3045566ef04fd651eea9d1395438cf31ac986df4bf7ddc9d8c-1297991828

If you need this source file, please just let me know and I will send it to you personally.

cheers,

Dear All,

I have already submitted the sample of this malware to viruslab…

cheers,

Hi Yanto.Chiang,

It is good to check on these bots like Zeus, SpyEye etc.
abuse.ch also has a Palevo tracker; look here: http://www.abuse.ch/?p=3231

http://amada.abuse.ch/palevotracker.php
http://amada.abuse.ch/palevotracker.php?statistic
http://amada.abuse.ch/blocklist.php

Other Bozvanovna Zeus:
AS number: AS29106
AS name: VolgaHost
Subnet: 91.213.174.0/24
ZeuS C&Cs: zeustracker.abuse.ch/monitor.php?as=29106
Spamhaus SBL: www.spamhaus.org/sbl/sbl.lasso?query=SBL83028
CIDR Report: www.cidr-report.org/cgi-bin/as-report?as=AS29106

Make a note of these scanners,

pol

Hi Polonus,

All of the information you posted was very complete.

Great. Anyway, I just got more information from a friend of mine who has 2 new variants, and one of the new malware samples found is indicated as Downloader or Zbot again.

Here is the virustotal link for the new one: http://www.virustotal.com/file-scan/report.html?id=ba63801a9adc7d3045566ef04fd651eea9d1395438cf31ac986df4bf7ddc9d8c-1298077710

cheers,

Hi Yanto.Chiang

Here is a list of recent finds; ThreatExpert reports and Prevx info can also be found through the virustotal results,
e.g.: http://info.prevx.com/aboutprogramtext.asp?PX5=08D14F3F005C0F48AAFA00D06433EA00827E0211
and http://www.threatexpert.com/report.aspx?md5=b87ac5e100a08b548cd48a32a19fa241
In the last 24 hrs, Trojan.Generic.KDV.135042 had 59.26% of servers reporting this trojan as compared to the top 10 finds…
General type description:
Trojan.Banker
Threat Level: High
Description: Trojan.Banker steals information such as bank accounts, usernames, passwords and credit card details from your computer and sends it to the attacker.
Type: TT_Trojan

Hope avast will add detection to these latest versions of banker trojans soon,

polonus

Well, avast added it to its detection, status “solved”…
http://www.virustotal.com/file-scan/report.html?id=ba63801a9adc7d3045566ef04fd651eea9d1395438cf31ac986df4bf7ddc9d8c-1298148940

Hi Polonus,

Thank you so much for helping me in solving this new malware. Let me check it on Monday, since I put the malware source on another notebook.

And I will update this status as soon as possible.

cheers,

Hi Polonus,

I think avast has updated its VPS database, since when I retried an on-demand scan of this infected file, avast showed that this file was infected by Trojan Gen.

But the weird thing is, why should we do an on-demand scan when the avast real-time shield is always running in the background?
It should be real-time detection without doing an on-demand scan, like the malware samples I submitted before, which avast automatically detected without an on-demand scan.

cheers,

But the weird thing is, why should we do an on-demand scan when the avast real-time shield is always running in the background?
The real-time shield does not check the whole computer, only those files that are in use...

Hi Pondus,

Yes, I just retried re-extracting it into the same folder, and then avast automatically detected it…

cheers,

I closed this thread since avast is now able to detect this variant as well.

Hi Yanto.Chiang,

This could be a very welcome Santander browser plug-in for your users under threat of the new Zeus trojan that hijacks the browser session and prevents the user from logging out while he wrongly thinks he has logged out. I will give the link to the plug-in here, where I found it:
http://www.santander-products.co.uk/rapportsecuritysoftware/index.html

It will strengthen your defences against online identity theft.
On PCs it works with:
Windows XP (all editions)
Windows Vista (all editions)
Windows 7 (all editions)
Internet Explorer 6, 7 and 8
Google Chrome 3.0.x and 4.0.x
BT Yahoo 3

pol

A lot of malware threads from you, Galdorf. Is this your new area of focus, malware analysis? Or more of a pastime for you?

I would also like to see an analysis of the trojan Carberp; samples can be found here:
http://www.malwaredomainlist.com/mdl.php?search=trojan+car&colsearch=All&quantity=50
Regards