Zlob activity update


The Zlob gang is still quite active. The latest sample we received (detected as Troj/Zlob-ACE) uses several tricks to entice users to download some of the fake anti-malware programs such as Antiviruspcsuite, MalwareWiped and PestCapture. All domains used by these fake tools are blocked by WSA 1000 (web security appliance).

A social engineering trick I have not seen before is this image, which attempts to make the unsuspecting user believe that Windows Security Center is recommending installation of a few “well known”, but fake, anti-malware products.

Fake anti-virus