Zlob activity update

Zlob gang is still quite active. The latest sample we received (detected as Troj/Zlob-ACE) uses several tricks to entice user to download some of the fake anti-malware programs such as Antiviruspcsuite, MalwareWiped and PestCapture. All domains used by these fake tools are blocked by WSA 1000 (web security appliance).

A social engineering trick I have not seen before is this image, which attempts to make the unsuspecting user to believe that Windows Security Center is recommending installation of few “well known”, but fake anti-malware products.

Posted on May 4th, 2007 by Vanja Svajcer, SophosLabs, UK
Filed under: Uncategorized

Windows 7 security - A great leap forward or business as usual?

About SophosLabs

SophosLabs protects businesses from known and emerging malware - viruses, rootkits and spyware - and other computer threats like phishing, spam and scams. Learn more about the people who write this blog.

RSS feed

Hot video

International Kill-A-Zombie Day

SophosLabs blog

Related posts

About SophosLabs

Subscribe

Hot video

Recent posts

Categories

Archives

Sophos blogs

In this section

SophosLabs blog