Zlob activity update

The Zlob gang is still quite active. The latest sample we received (detected as Troj/Zlob-ACE) uses several tricks to entice users to download some of the fake anti-malware programs such as Antiviruspcsuite, MalwareWiped and PestCapture. All domains used by these fake tools are blocked by the WSA 1000 (web security appliance).

A social engineering trick I have not seen before is this image, which attempts to make the unsuspecting user believe that Windows Security Center is recommending installation of a few "well known", but fake, anti-malware products.

Fake anti-virus

One Response to Zlob activity update

  1. Douglas says:

    The image doesn't seem to be working? Produces a 404 response when I click on it as well.

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.