Author Topic: Zeus v.  (Read 6487 times)


February 23, 2008, 07:57:43 pm
Pretty sure this is the PRG/WNSPOEM trojan everyone is concerned with :).  Figured I'd contribute something back to this great site.


February 24, 2008, 02:28:37 am
Reply #1


  • Guest
Welcome on board, XzifT :)

...at some moment in late December,
I had also seen a (supposedly) scrambler meant especially for Zeus samples...
I say 'supposedly', because I hadn't really managed to test it:
the executable itself was so badly packed that, no matter my efforts,
I couldn't get it to run at all, lol...  ;D

Pretty much most of the infamous skiddie tools gathered in a single thread...

...what REALLY makes me wonder is:
why in the world does it take that long for some AV companies
to spot/detect variants of this kind of stuff/builders...
when they can be found simply by monitoring 6-7 widely known 'haxor' forums.
Kind of a funny attitude actually... on the one hand,
you have serious and hard-working AV researchers/employees taking down infected hosts,
and on the other hand, AV companies' general policy
towards the "main" distribution forums/sites, widely known to the public,
is to either ignore them, or even worse, to leave them completely 'untouched'...

No need for 'dark' speculations and assumptions here, just my 2 cents on this situation:
when at this moment even the most non-technically aware end-user
can find point-and-click botnet builders within a few minutes of googling...
then it's also at least ridiculous afterwards to see AV companies complain
because a large majority of end-users claim that AVs generate malware themselves
in order to make money...
If they don't want to hear such ridiculous statements, well, it's their responsibility:
advertisements regarding 'improved intrusion prevention' modules, bla-blah etc...
All these are nice and well, and obviously no one disagrees:
end-users also don't like the view of tons of vx/skiddie forums,
where automated botnet/trojan builders and the rest of the crap get exchanged...
Even, say, from a strictly commercial perspective,
trust gets built exactly from these common daily facts - simple as that.