[nsp-sec] Zbot | Zeus activity on 10-14-2009
Shelton, Steve
sshelton at Cogentco.com
Thu Oct 15 08:27:25 EDT 2009
Morning!
Did anyone receive any direct love yesterday from the Zbot-Zeus crew?
We had a few waves of targeted exploit attempts guised as a Phishing
attempt and wondering if anyone else saw the same or if it was just me
stepping on somebody's toes!
Phished URL: hxxp://cogentco.com.wsasdep.eu/owa/service_directory/settings.php?email=bedsideyurik at cogentco.com&from=cogentco.com&fromname=bedsideyurik
Payload: /service_directory/settings-file.exe
cogentco.com.wsasdep.eu [211.212.99.60] at 10/14/09 07:42:53 Mountain Daylight Time
9318 | 211.212.99.60 | HANARO-AS Hanaro Telecom Inc.
Ref:
http://wepawet.iseclab.org/view.php?hash=73d8ed3dad6668d712b5c44049e7f934&t=1255528127&type=js
> F-Secure | 8.0.14470.0 | 2009.10.14 | Trojan-Spy.Win32.Zbot.gen
Steve Shelton
Network Security Engineer
Cogent Communications