Zeus Bot Malware

A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus

Zeus Bot Malware

Postby roberto7888 » Tue Feb 23, 2010 2:12 pm

The two links are users.qwest.net/~benpeg72/Secure/wanadoo.swf and users.qwest.net/~lorddaven/Links/FlashPlayer10.0.45.2.exe are still active. I have forward to abuse (at) qwest.net and us-cert.gov but I have no answers/action.

Kaspersky detects it as Trojan-Spy.Win32.Zbot.afjs.

It is a malware/trojan detected by 16/41 antivirus companies.
see there:

http://www.threatexpert.com/report.aspx ... 84c6444429

http://www.virustotal.com/en/analisis/7 ... 1266948016

http://virscan.org/report/0d078e9f8cddf ... 14c9d.html

Code: Select all
                                                                 
Return-Path: <xxxxxxxxxx>
Received: from mwinf2b09.orange.fr (mwinf2b09 [10.232.22.37]) by mwinb7603 with LMTPA; Mon, 22 Feb 2010 07:34:41 +0100
X-Sieve: CMU Sieve 2.3
X-Bcc: xxxxxxxxxxxxxxxxxxxxxx
Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf2b09.orange.fr (SMTP Server) with ESMTP id 9329C1C000A7 for <cv1000000000000000112503636@back76-mail01-02.me-wanadoo.net>; Mon, 22 Feb 2010 07:34:41 +0100 (CET)
Received: from orange (AMarseille-553-1-225-12.w92-153.abo.wanadoo.fr [92.153.17.12]) by mwinf2b09.orange.fr (SMTP Server) with SMTP id 2357A1C00051 for <xxxxxxxxxxxxx>; Mon, 22 Feb 2010 07:34:39 +0100 (CET)
X-ME-UUID: 20100222063440144.2357A1C00051@mwinf2b09.orange.fr
Content-Transfer-Encoding: 7bit
From: "Daisy" <xxxxxxxxxx>
To: <xxxxxxxxxxx>
Subject: [spam] oui ?
MIME-Version: 1.0
Content-Type: text/html;
   charset="iso-8859-1"
X-Antivirus: avast! (VPS 100221-1, 21/02/2010), Outbound message
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7600.16385
X-Antivirus-Status: Clean
Message-ID: <20100222063440.2357A1C00051@mwinf2b09.orange.fr>
X-SpamFlt-Status: Not Detected
Date: Mon, 22 Feb 2010 07:34:39 +0100 (CET)
X-me-spamlevel: not-spam
X-me-spamrating: 40.000000
X-me-spamcause:  OK, (0)(0000)gggruggvucftvghtrhhoucdtuddrvdeltddrgedvgddvudduhecuteggodetufdouefnucfrrhhofhhilhgvmecuoffgnecuuegrihhlohhuthemuceftddtnecu
X-Text-Classification: spam
X-POPFile-Link: http://127.0.0.1:8080/jump_to_message?view=9892


<EMBED height=360
type=application/x-shockwave-flash width=634
src=http://www.users.qwest.net/~benpeg72/Secure/wanadoo.swf</FONT>
</FONT>



User avatar
roberto7888
Spam Muncher
 
Posts: 842
Joined: Tue Jan 02, 2007 11:04 am

Re: Zeus Bot Malware

Postby roberto7888 » Wed Feb 24, 2010 5:09 am

The two links are down! :D
User avatar
roberto7888
Spam Muncher
 
Posts: 842
Joined: Tue Jan 02, 2007 11:04 am

Re: Zeus Bot Malware

Postby meep » Wed Feb 24, 2010 10:44 am

Good, glad to hear Qwest took those down. I haven't reported much of anything to them recently, so good to know they are responsive.
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm


Return to Malware

Who is online

Users browsing this forum: Baidu [Spider] and 2 guests

cron