Tomorrow, it will be a year since we first ran an analysis of the ZLOB family of trojans in the ISC diary. The write-up from back then is still an interesting read.

edu sites with links to the latest ZLOB variant, it occurred to me how different these pages were compared to one year ago: Yes, there was obfuscation of JavaScript. But not too much - certainly not enough to cause any virus scanner to reject the page outright. Yes, there were the sleazy links, thousands of them, interlinking the pages to cause a good ranking in search engines. But there were none (none!) of the embedded IFRAMES with the latest collection of browser- and application exploits that such pages used to contain in the past, Zlob or not.

Thinking it over, this sort of makes sense: if you want to trick a user into (voluntarily!) downloading and installing a piece of malware that claims to be a video codec, you probably don't want to scare the user away from the sites that draw him into the spyderweb by having other malware or exploit attempts lighting up the user's anti-virus.

The Zlob approach of propagating malware seems to have been quite successful for the bad guys: Not only are they still "going strong" more than a year after the first report, they also branched out to include Mac-OSX (diary) earlier this month.