Bitdefender security researchers have come across a malicious website that presents extreme dangers to users, infecting systems with Zbot.
The site opens an HTML page that simply displays "Please wait page is loading..." while malicious JavaScript code redirects users to a second malicious JavaScript file.
"This second JavaScript file (Trojan.JS.Redirector.YF) is called js.js and is stored in a folder with a randomly generated name. It appears this malicious JS file has been planted on a multitude of servers that host otherwise clean websites, probably as a result of FTP credentials theft. This script has the sole purpose of redirecting the user to the exploit page, the final stop in this redirection trip," researchers wrote on the Malware City page.
"The second HTML page (Trojan.HTML.Downloader.Agent.NBF) the user finally reaches embeds a Java applet (Exploit.Java.CVE-2010-0840.P) – a front for a well-known exploit (CVE-2010-0840) which now is used to download and install a Zbot variant (Trojan.Zbot.HTQ) on the compromised systems."
Zbot, a.k.a. Zeus, ZeusBot or WSNPoem, is a banker Trojan rigged with backdoor and server capabilities, known to collect bank-related information, login data, the history of visited websites and other sensitive details from its victims. Some versions may even snatch screenshots of the compromised machine's desktop.
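For operators of sites that may have had a js.js planted on them, the following added example (not from Bitdefender's write-up) compares a web root against a deployment manifest and reports unlisted js.js files, other unlisted or modified files, and HTML pages that embed an applet. The manifest format, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

APPLET_TAG = re.compile(rb"<applet\b", re.IGNORECASE)

def scan_webroot(root, manifest):
    """Compare root against manifest {relative_path: sha256}; return sorted findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read()
            known = manifest.get(rel)
            if known is None and fname.lower() == "js.js":
                findings.append(("unlisted-js.js", rel))   # file name from the report
            elif known is None:
                findings.append(("unlisted-file", rel))
            elif known != hashlib.sha256(data).hexdigest():
                findings.append(("modified-file", rel))
            # Applet embeds are reported whether or not the page is in the manifest.
            if fname.lower().endswith((".html", ".htm")) and APPLET_TAG.search(data):
                findings.append(("applet-embed", rel))
    return sorted(findings)

def build_sample():
    """Constructed web root: a clean deploy, then made-up unauthorized changes."""
    root = tempfile.mkdtemp(prefix="webroot_")
    def write(rel, data):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    deployed = {"index.html": b"<html>Welcome</html>", "scripts/js.js": b"// site script"}
    for rel, data in deployed.items():
        write(rel, data)
    manifest = {rel: hashlib.sha256(d).hexdigest() for rel, d in deployed.items()}
    write("x7kq2mzp/js.js", b"// placeholder for a planted file")   # made-up folder
    write("x7kq2mzp/load.html", b"<html><APPLET code='A.class'></APPLET></html>")
    write("index.html", b"<html>Welcome<!-- altered after deploy --></html>")
    return root, manifest

if __name__ == "__main__":
    root, manifest = build_sample()
    for finding, rel in scan_webroot(root, manifest):
        print(f"{finding}: {rel}")
```

A manifest generated at deploy time and stored off the web server keeps the comparison meaningful even when the FTP account itself has been compromised.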