[nsp-sec] Zbot | Zues activity on 10-14-2009
Shelton, Steve
sshelton at Cogentco.com
Thu Oct 15 14:53:52 EDT 2009
Guys,
Thanks for the replies and feedback! Just wanted to make sure it was
not as a result of nuking actions the previous day.
As of late, it seems we have at least one enterprise biz that was
targeted as well.
Steve Shelton
Security Engineer
Cogent Communications
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Shelton, Steve
Sent: Thursday, October 15, 2009 6:27 AM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] Zbot | Zues activity on 10-14-2009
----------- nsp-security Confidential --------
Morning!
Did anyone receive any direct love yesterday from the Zbot-Zeus crew?
We had a few waves of targeted exploit attempts guised as a Phishing
attempt and wondering if anyone else saw the same or if it was just me
stepping on somebody's toes!
Phished URL: hxxp://cogentco.com.wsasdep.eu/owa/service_directory/settings.php?email=bedsideyurik at cogentco.com&from=cogentco.com&fromname=bedsideyurik
Payload: /service_directory/settings-file.exe
cogentco.com.wsasdep.eu [211.212.99.60] at 10/14/09 07:42:53 Mountain Daylight Time
9318 | 211.212.99.60 | HANARO-AS Hanaro Telecom Inc.
Ref: http://wepawet.iseclab.org/view.php?hash=73d8ed3dad6668d712b5c44049e7f934&t=1255528127&type=js
F-Secure | 8.0.14470.0 | 2009.10.14 | Trojan-Spy.Win32.Zbot.gen
Steve Shelton
Network Security Engineer
Cogent Communications
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
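
The phished URL in the message above puts the victim's own domain in front of an unrelated registered domain (cogentco.com.wsasdep.eu). The following is an added example, not part of the original post, of a check for that hostname pattern in proxy logs. The PROTECTED set, the log layout and the sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation actually owns (hypothetical config).
PROTECTED = {"cogentco.com"}

# Constructed proxy-log sample, "<time> <client> <url>"; only the first
# host and path come from the post, everything else is made up.
SAMPLE_LOG = """\
2009-10-14T07:42:53 192.0.2.10 hxxp://cogentco.com.wsasdep.eu/owa/service_directory/settings.php
2009-10-14T07:43:10 192.0.2.11 http://www.cogentco.com/en/network
2009-10-14T07:44:02 192.0.2.12 http://example.org/index.html
"""

def refang(url):
    """Undo common defanging (hxxp, [.]) so the URL parses normally."""
    return url.strip().replace("hxxp", "http", 1).replace("[.]", ".")

def impersonated_domain(url, protected=PROTECTED):
    """Return the protected domain a URL's host imitates, or None.

    A host imitates a domain when that domain's labels appear in the host
    followed by at least one more label, and the host is neither the
    domain itself nor a genuine subdomain of it.
    """
    host = (urlsplit(refang(url)).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    for dom in protected:
        if host == dom or host.endswith("." + dom):
            continue  # genuinely ours
        d = dom.split(".")
        # Stop one label short of the end so a real suffix must follow.
        for i in range(len(labels) - len(d)):
            if labels[i:i + len(d)] == d:
                return dom
    return None

def scan(log_text):
    """Return (time, client, host, imitated_domain) for each flagged line."""
    hits = []
    for line in log_text.splitlines():
        ts, client, url = line.split(maxsplit=2)
        dom = impersonated_domain(url)
        if dom:
            hits.append((ts, client, urlsplit(refang(url)).hostname, dom))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```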