Zlob trojan
From Wikipedia, the free encyclopedia
The Zlob Trojan, also known as Trojan.Zlob, is a trojan horse which masquerades as a needed video codec in the form of an ActiveX component. It was first detected in late 2005, but it did not start gaining attention until mid-2006.[1] Once installed, it displays popup ads that resemble genuine Microsoft Windows warning popups, informing the user that their computer is infected with spyware. Clicking these popups triggers the download of a fake anti-spyware program (such as Virus Heat) in which the trojan horse is hidden.[1]
F-Secure, a computer security firm, has discovered 32 variants of this trojan.[2] Some variants of the Zlob family, like the so-called DNSChanger, add rogue DNS name servers to the Registry of Windows-based computers[3] and to the network settings of Macintosh computers,[4] and could therefore re-route traffic from legitimate web sites to other suspicious web sites.
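A defender can check for this kind of change by comparing the resolvers configured on each network interface against the ones the network is supposed to use. The following Python sketch is an added example, not taken from the cited sources. It assumes a text export of the standard Windows per-interface TCP/IP settings key (the article does not name the key a given variant touches), and the GUIDs, addresses and the `APPROVED` allowlist are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of a decoded `reg export` of the Windows
# per-interface TCP/IP settings; GUIDs and addresses are made up (RFC 5737).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-aaaa-bbbb-cccc-000000000001}]
"DhcpNameServer"="192.0.2.53 192.0.2.54"
"NameServer"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-aaaa-bbbb-cccc-000000000002}]
"DhcpNameServer"="192.0.2.53"
"NameServer"="203.0.113.10,203.0.113.11"
'''

# Assumption: the resolvers this network is expected to hand out.
APPROVED = {"192.0.2.53", "192.0.2.54"}
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(NameServer|DhcpNameServer)"="(.*)"$')


def audit_dns(export_text, approved):
    """Return (interface, value_name, entry) for every resolver not approved."""
    allowed = {ipaddress.ip_address(a) for a in approved}
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).rsplit("\\", 1)[-1]  # keep only the interface GUID
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, raw = m.groups()
        # Resolver lists are separated by commas or spaces; empty means unset.
        for item in filter(None, re.split(r"[,\s]+", raw.strip())):
            try:
                ok = ipaddress.ip_address(item) in allowed
            except ValueError:
                ok = False  # a malformed entry is reported as well
            if not ok:
                findings.append((key, name, item))
    return findings


if __name__ == "__main__":
    for iface, name, entry in audit_dns(SAMPLE_EXPORT, APPROVED):
        print(f"unexpected resolver {entry} in {name} on interface {iface}")
```

A statically set `NameServer` that differs from the DHCP-supplied one is not proof of infection, since administrators set resolvers by hand too, but it is the entry to investigate first.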
PHSDL - Project Honeypot Spam Domains List[5] tracks and catalogues Zlob spam domains. Some of the domains on the list are redirects to porn sites and various video watching sites that show a number of inline videos. Clicking on a video to play it activates a request to download an ActiveX codec which is malware. It prevents the user from closing the browser in the usual manner. Other variants of the Zlob Trojan installation take the form of a computer scan that comes as a Java cab.[6]
The Zlob Team of computer crackers automatically submits forum comments using automated script programs like Xrumer, creating forum spam. If the links are clicked, the Zlob trojan will force itself into installation. These comments are often found in the form of medicine and pornography promotion, but recently they have also included links to streaming video websites. The trojan can be hidden in literally anything.
The Zlob trojan is believed to be of Russian origin.
References
- The ZLOB Show: Trojan Poses as Fake Video Codec, Loads More Threats. Trend Micro. Retrieved on 2007-11-26.
- Tung, Liam (2007-11-08). Multiplying Mac Trojan not epidemic yet. CNET News. Retrieved on 2007-11-26.
- Podrezov, Alexey (2005-11-07). F-Secure Virus Descriptions: DNSChanger. F-Secure Corporation. Retrieved on 2007-11-26.
- SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
- PHSDL - Project Honeypot Spam Domains List
- PHSDL Zlob Trojan Forum Spam Hijacking Attempt Documentation
External links
- List of ActiveX Zlob Trojan fake codecs and other misleading Zlob-installers
- Listing of 113 fake codec domains
- Flash's Security Blog, a blog listing fake codecs and rogue security software.
- Zlob/VideoAccess/Trojan.Win32.DNSChanger - malekal.com (fr)
Anti Zlob Malware Forums