Zlob activity update

Filed Under: Malware, SophosLabs

Zlob gang is still quite active. The latest sample we received (detected as Troj/Zlob-ACE) uses several tricks to entice user to download some of the fake anti-malware programs such as Antiviruspcsuite, MalwareWiped and PestCapture. All domains used by these fake tools are blocked by WSA 1000 (web security appliance).

A social engineering trick I have not seen before is this image, which attempts to make the unsuspecting user to believe that Windows Security Center is recommending installation of few "well known", but fake anti-malware products.

Fake antio-virus

, ,

You might like

One Response to Zlob activity update

  1. Douglas · 1795 days ago

    The image doesn't seem to be working? Produces a 404 response when I click on it as well.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.