Thursday, November 20, 2008

Zlob and Vundo team up!

Recently, I noticed a few rogue websites that are pushing both the Zlob fake codec and the Vundo trojan. Usually, Vundo trojans spread in the form of keygens or cracks. However, the gang behind Vundo seems to be collaborating with the Zlob gang to spread malware in the form of fake codecs!

Here's one such website, aaibberlinoschlosschn.com.cn (69.61.96.245), hosting both Vundo and Zlob. A Zlob installer is offered for download if the "Continue" button is clicked, and a Vundo dropper is delivered when the "Download free player" link is clicked.



VirusTotal scan results for Zlob and Vundo droppers are available here and here respectively.

1 Comments:

Anonymous said...

I think we will be seeing more cooperation among the malware groups in 2009. I've been seeing this for a couple of months now as I prepare malware signatures. It's getting harder to find/sig all the malware related to a sample, and it takes longer to analyze the samples.

Regards,

RWS

10:53 AM  
