New Zbot Sample gets Extremely Low Score from Anti-Virus Detection Engines

AppRiver, the security company, recently came across a malware strain identified as Zbot whose detection rate was very poor: only 5 of the 52 anti-virus engines on VirusTotal actually caught it.

Security researcher Jonathan French of AppRiver intercepted an e-mail carrying a ZIP archive with a payload; the archive posed as customer statements supposedly sent by the options broker Berkley Futures Limited, softpedia.com published on June 18, 2014.

In reality, the e-mail was a phishing scam, and its malicious ZIP archive was password-protected. The recipient would find the password in the message body, which defeats the purpose of protecting the file and should itself indicate that the e-mail is fraudulent.

On closer inspection, the file turned out to have been created with RAR compression; the .zip filename may have been used to confuse certain scan engines, or it may have been added inadvertently.

French explains that using a RAR file makes the attack unusual, since opening RAR files requires specific software, whereas nearly any system can open ZIP files. Scmagazine.com reported this on June 18, 2014.

The fraudulent Excel document was found to be, in reality, a Trojan installer which, if opened, pulls down more malware from the Internet. That malware is a 220kb "1.exe" executable, which AV scanners identified as Zbot (also called ZeuS).

Regarded as a highly pervasive Trojan, ZeuS and its variants employ keyloggers, along with other capabilities, to tamper with a computer system's security configuration and to intercept the user's keyboard activity.

According to Touchette, the VirusTotal detection rate for the above-mentioned Trojan installer is rather low, implying that many people have not yet seen it or have not yet had the chance to incorporate the installer's definitions into their anti-virus programs.

In conclusion, Touchette writes that users must exercise caution when they receive a file from an unfamiliar source, and remain particularly vigilant about zipped archives that are password-protected with the password mentioned anywhere in the message text. Password-protecting zipped files helps malware purveyors get around the malware filters already deployed, he writes. Blogs.appriver.com published this on June 18, 2014.
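An added example, not from AppRiver or the original article: a mail-gateway style check that compares an attachment's magic bytes with its filename extension (the RAR file named .zip described above) and flags archives whose password is handed over in the message body. The function names, the password regex and the sample bytes are assumptions constructed for illustration.

```python
import os
import re
import struct

# Leading magic bytes of common archive containers.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar"),   # RAR 5.x
    (b"Rar!\x1a\x07\x00", "rar"),       # RAR 1.5-4.x
    (b"PK\x03\x04", "zip"),             # ZIP local file header
    (b"PK\x05\x06", "zip"),             # empty ZIP (end-of-central-directory only)
    (b"7z\xbc\xaf\x27\x1c", "7z"),
]
# Heuristic (assumption): the body hands the reader a password.
PASSWORD_CUE = re.compile(r"\bpass(?:word|code|phrase)\b\s*(?:is|:|=)", re.I)

def sniff_container(data):
    """Return the container type implied by the magic bytes, or None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None

def zip_is_encrypted(data):
    """Bit 0 of the general-purpose flags in the first local file header."""
    return len(data) >= 8 and bool(struct.unpack_from("<H", data, 6)[0] & 1)

def triage_attachment(filename, data, body):
    """Return a list of findings for one attachment and its message body."""
    findings = []
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    kind = sniff_container(data)
    if kind and ext != kind:
        findings.append(f"extension-mismatch: .{ext} name, {kind} content")
    if data.startswith(b"PK\x03\x04") and zip_is_encrypted(data):
        findings.append("encrypted-zip")
    if kind and PASSWORD_CUE.search(body):
        findings.append("archive-with-password-in-body")
    return findings

# Constructed samples: header bytes only, no real archive contents.
RAR_AS_ZIP = b"Rar!\x1a\x07\x00" + b"\x00" * 16
PLAIN_ZIP = b"PK\x03\x04\x14\x00\x00\x00" + b"\x00" * 22
ENCRYPTED_ZIP = b"PK\x03\x04\x14\x00\x01\x00" + b"\x00" * 22

if __name__ == "__main__":
    body = "Please find your statement attached. Password: 1234"  # constructed
    print(triage_attachment("statement.zip", RAR_AS_ZIP, body))
```

Either finding alone is a weak signal; together they match the pattern the article describes and are a reasonable trigger for quarantine or manual review.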

» SPAMfighter News - 6/27/2014
