TSPY_ZBOT.RLD
October 08, 2012
PLATFORM: Windows 2000, Windows XP, Windows Server 2003
Threat Type: Spyware
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This spyware may be unknowingly downloaded by a user while visiting malicious websites.
It executes then deletes itself afterward.
TECHNICAL DETAILS
File Size: 118784 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 03 May 2011
Payload: Drops files, Connects to URLs/IPs
Arrival Details
This spyware may be unknowingly downloaded by a user while visiting malicious websites.
Installation
This spyware drops the following files:
- %UserTemp%\{random}.dll
It executes then deletes itself afterward.
NOTES:
This malware connects to the following servers for its information theft routine: