The Zlob Glob

An interesting website was brought to our attention yesterday. The server hosted a PHP file that can send out over 1500 different versions of the same malware.

Each version was slightly different in an attempt to avoid detection. Most likely, the author had a script that generated each file. This rudimentary attempt at script writing was not quite successful, however. All the files in the Zlob mob were detected by Sophos as Troj/Zlobar-Fam.

In the meantime, we’re keeping an eye on this Zlob blob to see what else the author tries.