Malwarebytes

Possible Zbot
Malhunter
post Mar 5 2010, 03:07 PM
Post #1


New Member
*

Group: Members
Posts: 4
Joined: 26-February 10
From: DC
Member No.: 34,203



We're seeing a well crafted phishing email being sent around to various government agencies with a link to
dnicenter.com/docs/report.zip

Zip file contains an executable, which when able to run and infect, makes a call to
updatekernel.com/imgpic/x18d2/d8x16/x98x10.bin

The bin file appears to be a config file for Zbot.

Currently 1/42 VT
http://www.virustotal.com/analisis/78ffd2e...1cee-1267797667

Report provided by Comodo
http://camas.comodo.com/cgi-bin/submit?fil...67b14b6fa6a1cee

Fairly new user so if I did this wrong please let me know. I didn't attach the file as I am under the impression not to since I'm not an official contributor.


--------------------
You can't patch stupid.
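Added example (not from the original thread): a defender-side triage of an attachment like the report.zip described above. It lists the archive members in memory, flags any that carry an executable extension or begin with the PE `MZ` magic, and computes SHA-256 hashes that can be looked up on VirusTotal without running or redistributing the sample. The archive built by `build_sample_zip` is constructed here and is not the real file.

```python
import hashlib
import io
import zipfile

# Extensions that Windows will execute directly when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def triage_zip(zip_bytes):
    """Return one finding dict per archive member; nothing is extracted to disk or run."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)  # read into memory only
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "sha256": hashlib.sha256(data).hexdigest(),
                # PE files start with the 'MZ' DOS header whatever their extension.
                "pe_magic": data[:2] == b"MZ",
                "exec_ext": ext in EXECUTABLE_EXTENSIONS,
                # 'report.pdf.exe' style names hide the real extension from users.
                "double_ext": name.count(".") >= 2 and ext in EXECUTABLE_EXTENSIONS,
            })
    return findings


def build_sample_zip():
    """Constructed stand-in for report.zip: a fake PE stub plus a text file, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Report.exe", b"MZ" + b"\x00" * 62 + b"constructed stub")
        zf.writestr("readme.txt", b"constructed benign text member")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        flag = "SUSPICIOUS" if (f["pe_magic"] or f["exec_ext"]) else "ok"
        print(f"{flag:10} {f['name']} ({f['size']} bytes) sha256={f['sha256']}")
```

Replace `build_sample_zip()` with the bytes of a real attachment to triage it; the hashes printed are what you would search for on VirusTotal.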
sUBs
post Mar 5 2010, 03:51 PM
Post #2


Forum Deity
******

Group: Moderators
Posts: 6,573
Joined: 29-February 08
Member No.: 2,164



Please upload/attach the file.


--------------------
sUBs
Research Engineer



Follow us: Twitter, Become a fan: Facebook
dshield
post Mar 5 2010, 03:57 PM
Post #3


Advanced Member
***

Group: Experts
Posts: 182
Joined: 22-January 10
From: Florida, US
Member No.: 30,552



Could you post a raw copy of the email or send me a copy?

TIA

Tom
Voyager
post Mar 5 2010, 04:02 PM
Post #4


New Member
*

Group: Members
Posts: 9
Joined: 11-November 09
Member No.: 24,742



Report.exe inside Zip Detected now at Trojan.Zbot by Symantec.
Malhunter
post Mar 5 2010, 04:12 PM
Post #5


New Member
*

Group: Members
Posts: 4
Joined: 26-February 10
From: DC
Member No.: 34,203



We never received the full email with headers from any of the users who received it, they just forwarded it on to us. And I am unable to attach the file, says I am not authorized to upload the file type of .sitx (I do my malware work on a Mac with StuffIt for zipping files).


--------------------
You can't patch stupid.
dshield
post Mar 5 2010, 04:15 PM
Post #6


Advanced Member
***

Group: Experts
Posts: 182
Joined: 22-January 10
From: Florida, US
Member No.: 30,552



QUOTE (Malhunter @ Mar 5 2010, 11:12 AM)
We never received the full email with headers from any of the users who received it, they just forwarded it on to us. And I am unable to attach the file, says I am not authorized to upload the file type of .sitx (I do my malware work on a Mac with StuffIt for zipping files).


On OSX? Just Control-click on the file and OSX will zip it for you.

Tom

PS For those who want this file here is what I downloaded from the URL
Attached File(s)
Attached File  report.zip ( 49.31K ) Number of downloads: 4
sUBs
post Mar 5 2010, 04:17 PM
Post #7


Forum Deity
******

Group: Moderators
Posts: 6,573
Joined: 29-February 08
Member No.: 2,164



QUOTE
And I am unable to attach the file, says I am not authorized to upload the file type of .sitx

A way to workaround this is to rename the file's extension to zip.

@Tom, thanks for the attachment.

Plenty of zbots making the rounds lately.


--------------------
sUBs
Research Engineer



Follow us: Twitter, Become a fan: Facebook
Malhunter
post Mar 5 2010, 04:37 PM
Post #8


New Member
*

Group: Members
Posts: 4
Joined: 26-February 10
From: DC
Member No.: 34,203



QUOTE (Malhunter @ Mar 5 2010, 11:12 AM)
We never received the full email with headers from any of the users who received it, they just forwarded it on to us. And I am unable to attach the file, says I am not authorized to upload the file type of .sitx (I do my malware work on a Mac with StuffIt for zipping files).


Oh bloody hell! I feel like a tard. I'm still really new to the OSX environment and asked a co-worker about how to zip on Macs. He recommended StuffIt so I went with it. I'll remember to stick to the renaming idea in the future. Sorry for the hassle.


--------------------
You can't patch stupid.
dshield
post Mar 5 2010, 04:46 PM
Post #9


Advanced Member
***

Group: Experts
Posts: 182
Joined: 22-January 10
From: Florida, US
Member No.: 30,552



QUOTE (sUBs @ Mar 5 2010, 11:17 AM)
A way to workaround this is to rename the file's extension to zip.

@Tom, thanks for the attachment.

Plenty of zbots making the rounds lately.



Just a point of clarification, .sitx is NOT a zip file. It is a StuffIt file. On OSX a file (or files) can be zipped (e.g. put in a format that PKZIP on Windows can understand) either by using the command line, where the first argument is the archive to create:

zip /path/to/archive.zip /path/to/file

Or by control-clicking the file to bring up a menu and then selecting "Compress", or clicking the file once and then selecting "Compress" from the "File" menu. This will generate a .zip file.
Malhunter
post Mar 5 2010, 04:52 PM
Post #10


New Member
*

Group: Members
Posts: 4
Joined: 26-February 10
From: DC
Member No.: 34,203



QUOTE (dshield @ Mar 5 2010, 11:46 AM)
Just a point of clarification, .sitx is NOT a zip file. It is a StuffIt file. On OSX a file (or files) can be zipped (e.g. put in a format that PKZIP on Windows can understand) either by using the command line, where the first argument is the archive to create:

zip /path/to/archive.zip /path/to/file

Or by control-clicking the file to bring up a menu and then selecting "Compress", or clicking the file once and then selecting "Compress" from the "File" menu. This will generate a .zip file.


Thank you for the quick tip, worked just as you said and I have no problem uploading now.
Attached File(s)
Attached File  report.exe.zip ( 49.6K ) Number of downloads: 4


--------------------
You can't patch stupid.