You are viewing a plain text version of this content. The canonical link for it is here.
Posted to blogspam@spamassassin.apache.org by PHSDL <ad...@phsdl.net> on 2007/12/14 11:46:35 UTC
Alert Zlob Trojan using other domains besides Porn
I just got a post with a free Web service domain url with flower sho file
name and glass sho file names that once I went to that url, there was a long
list of URLs that when clicked redirected to a Malware domain that pretends
to scan your computer.
One of the redirecting domains is yourflowershow.com
Zlob Trojan is morphing from Porn to general domains and URLs this is very
dangerous...
Igor Berger
PHSDL
Administrator
Zlob Troian Spam Domain Variants
Posted by PHSDL <ad...@phsdl.net>.
I am aware of two Zlob Trojan redirect domains variants.
One is in the forum of an ActiveX that tries to install itself when a
contaminated Website is opened in a Browser.
When using Northon Anti Viras it would crash the browser and self installed
itself even if a user did not agree to installation. I do not know if this
problem with Norton AV has been fixed.
But using NOD32 perevents automatic installation and allows a user to close
the browser.
Variant two comes as a Java Cab that tries to install itself automatically
but using Sun Microsystem Virtual Java Machine I can chose not to accept the
installation.
http://www.java.com/en/index.jsp
There are different way that generates the attack. But all involve going to
cantaminated site. One porn video site and click on porn video embeded
pictures, another is just opening a url in a list of many URLs...
Thank you,
Igor Berger
PHSDL
Administrator