TSPY_ZBOT.RLD
October 08, 2012
PLATFORM:
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Spyware
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This spyware may be unknowingly downloaded by a user while visiting malicious websites.
It executes then deletes itself afterward.
TECHNICAL DETAILS
File Size: 118784 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 03 May 2011
Payload: Drops files, Connects to URLs/IPs
Arrival Details
This spyware may be unknowingly downloaded by a user while visiting malicious websites.
Installation
This spyware drops the following files:
- %UserTemp%\{random}.dll
It executes then deletes itself afterward.
NOTES:
This malware connects to the following servers for its information theft routine: