Bitdefender security researchers have come across a malicious website that
presents extreme dangers to users, infecting systems with Zbot.
The site opens an HTML page that simply displays "Please wait page is
loading...", while malicious JavaScript code redirects users to another
malicious JavaScript file.
"This second JavaScript file (Trojan.JS.Redirector.YF) is called js.js and is stored in a folder with a randomly generated name. It appears this
malicious JS file has been planted on a multitude of servers that host
otherwise clean websites, probably as a result of FTP credentials theft.
This script has the sole purpose of redirecting the user to the exploit
page, the final stop in this redirection trip," researchers wrote on
the Malware City page.
"The second HTML page (Trojan.HTML.Downloader.Agent.NBF) the user
finally reaches embeds a Java applet (Exploit.Java.CVE-2010-0840.P) – a
front for a well-known exploit (CVE-2010-0840) which now is used to
download and install a Zbot variant (Trojan.Zbot.HTQ) on the compromised
systems."
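
The redirect chain described above can be hunted for in web proxy logs. The following is an added example, not code from Bitdefender or the original article; the log format, the `.example` hosts, the "random folder" heuristic, the 30-second window and the `application/java-archive` content type are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines: epoch seconds, client IP, URL, response content type.
SAMPLE_LOG = """\
1000 10.0.0.5 http://landing.example/index.html text/html
1001 10.0.0.5 http://hacked-site.example/q7x2kfz9/js.js application/javascript
1003 10.0.0.5 http://exploit.example/page.html text/html
1004 10.0.0.5 http://exploit.example/applet.jar application/java-archive
1000 10.0.0.9 http://shop.example/scripts/js.js application/javascript
1002 10.0.0.9 http://intranet.example/tools/app.jar application/java-archive
2000 10.0.0.7 http://other.example/zzt4m8qk/js.js application/javascript
9000 10.0.0.7 http://vendor.example/client.jar application/java-archive
"""

WINDOW = 30  # assumed: max seconds between the redirector and the applet fetch

def looks_random(name):
    """Crude heuristic (an assumption): 6+ alphanumerics that either mix
    letters with digits or contain no vowels at all."""
    if not re.fullmatch(r"[A-Za-z0-9]{6,}", name):
        return False
    mixed = any(c.isdigit() for c in name) and any(c.isalpha() for c in name)
    return mixed or not any(c in "aeiouAEIOU" for c in name)

def is_redirector(url):
    """True for a js.js that sits directly inside one random-looking folder."""
    parts = urlsplit(url).path.strip("/").split("/")
    return len(parts) == 2 and parts[1] == "js.js" and looks_random(parts[0])

def find_chains(log_text):
    """Return (client, redirector_url, jar_url) for each redirector request that
    the same client follows with a Java archive download within WINDOW seconds."""
    last_redirector = {}  # client -> (timestamp, url)
    hits = []
    for line in log_text.splitlines():
        ts, client, url, ctype = line.split()
        ts = int(ts)
        if is_redirector(url):
            last_redirector[client] = (ts, url)
        elif ctype == "application/java-archive" and client in last_redirector:
            seen, red_url = last_redirector.pop(client)
            if ts - seen <= WINDOW:
                hits.append((client, red_url, url))
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print(hit)
```
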
Zbot, a.k.a. Zeus, ZeusBot or WSNPoem, is a banker Trojan rigged with
backdoor and server capabilities, known to collect from its victims
bank-related information, login data, the history of visited websites
and other sensitive details. Some versions may even snatch screenshots
of the compromised machine's desktop.