Alert Zlob Trojan using other domains besides Porn

[PHSDL <ad...@phsdl.net>]

I just got a post with a free Web service domain url with flower sho file 
name and glass sho file names that once I went to that url, there was a long 
list of URLs  that when clicked redirected to a Malware domain that pretends 
to scan your computer.

One of the redirecting domains is yourflowershow.com

Zlob Trojan is morphing from Porn to general domains and URLs this is very 
dangerous...

Igor Berger
PHSDL
Administrator 

Zlob Troian Spam Domain Variants

[PHSDL <ad...@phsdl.net>]

I am aware of two Zlob Trojan redirect domains variants.

One is in the forum of an ActiveX that tries to install itself when a 
contaminated Website is opened in a Browser.
When using Northon Anti Viras it would crash the browser and self installed 
itself even if a user did not agree to installation. I do not know if this 
problem with Norton AV has been fixed.

But using NOD32 perevents automatic installation and allows a user to close 
the browser.

Variant two comes as a Java Cab that tries to install itself automatically 
but using Sun Microsystem Virtual Java Machine I can chose not to accept the 
installation.
http://www.java.com/en/index.jsp

There are different way that generates the attack. But all involve going to 
cantaminated site. One porn video site and click on porn video embeded 
pictures, another is just opening a url in a list of many URLs...

Thank you,
Igor Berger
PHSDL
Administrator