Smitfraud
Hello,
I attached 3 archives, all of them related to the Smitfraud malware:
- Video_add_on.zip << contains 2 Zlob viruses. They are detected by BitDefender, but there are also some files that are not detected (and I think they are also malware)
- Virus.zip << contains 3 URLs pointing to the same site. These URLs were placed in the Start Menu and in IE's Favorites menu by Smitfraud. I tested the site on a virtual machine, but it responds very hard. I'm not sure if it really contains malware, but given the circumstances, it's worth a look.
- moywh.zip << contains the actual SmitFraud DLL file. This is not detected by BitDefender.
All 3 ZIPs are protected by the password infected.
Cris.
Attachments:
moywh.zip
Video_Add_on.zip
Virus.zip
Comments
-
Signed as Trojan.Zlob.GK. Detection will be available after the next update.
Best regards.
-
New Smitfraud samples (not detected).
Password: infected
Attachment: SmitFraud.zip
-
Thank you for the samples!
Signed as Trojan.Zlob.CBQ. Detection will be available after the next update.
Kind regards,
Marius Botis
-
This is a different (undetected) version of the file I previously attached. It seems that Zlob generates files with the same names, but with different content (and different sizes).
Cris.
Attachment: ampkfst.zip
-
Detected as Trojan.Downloader.Zlob.ABIJ. Thank you for the sample.
Best regards.