Here are some of the new Zlob trojan spreading domains:
One of the Zlob variant (named
wmpcdcs.exe, hosted at
http://myprivatetubes09.net) uses Microsoft Windows Background Intelligent Transfer Service (BITS) to communicate with rogue servers to transfer data. Since BITS is a trusted Windows component, firewalls don't block it; making it easy for malware to download files from remote servers (info here and here). An automated analysis of this malware is available at ThreatExpert here.