With Zlobs being around for a while

With Z's being around for a bit, why do so many AV defs still miss
them?   I have them checked out now and then via VirusTotal and never
had a great 'hit rate'.

Latest:
Authentium    4.93.8    05.23.2007    W32/Downloader.BDTA
BitDefender    7.2    06.09.2007    Trojan.Zlob.BQE
F-Prot    4.3.2.48    06.08.2007    W32/Downloader.BDTA
Kaspersky    4.0.2.24    06.09.2007    Trojan-Downloader.Win32.Zlob.bqu

Just four - not even a 'suspicious' from the other vendors.

Just wondering.

BTW the file was downloaded from (broken into two lines for extra
safety): hxxp://xxx.activexmediatour
.com/download.php?id=1752


Re: With Zlobs being around for a while


| With Z's being around for a bit, why do so many AV defs still miss
| them?   I have them checked out now and then via VirusTotal and never
| had a great 'hit rate'.
|
| Latest:
| Authentium 4.93.8 05.23.2007 W32/Downloader.BDTA
| BitDefender 7.2 06.09.2007 Trojan.Zlob.BQE
| F-Prot 4.3.2.48 06.08.2007 W32/Downloader.BDTA
| Kaspersky 4.0.2.24 06.09.2007 Trojan-Downloader.Win32.Zlob.bqu
|
| Just four - not even a 'suspicious' from the other vendors.
|
| Just wondering.
|
| BTW the file was downloaded from (broken into two lines for extra
| safety): hxxp://xxx.activexmediatour
| .com/download.php?id=1752

Because they are being generated almost daily.

They morph all the time.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: With Zlobs being around for a while

Come to think of it I never did try submitting a Zlob that was at
least a few weeks old to see what was reported back.    I have the
current one sitting on the old CPU (and password protected so I don't
accidentally try running it) and I'll send it off to VirusTotal in a
few weeks.


Re: With Zlobs being around for a while



| Come to think of it I never did try submitting a Zlob that was at
| least a few weeks old to see what was reported back.    I have the
| current one sitting on the old CPU (and password protected so I don't
| accidentally try running it) and I'll send it off to VirusTotal in a
| few weeks.

Yeah, this is a NEW variant and a new site.

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: ACTIVEXMEDIATOUR.COM

Registrant:
    Privacyprotect.org
    Domain Admin        (contact@privacyprotect.org)
    PO Box 83-000
    Johnsonville
    All Postal Mails Rejected, visit Privacyprotect.org
    Wellington
    null,6440
    NZ
    Tel. +45.36946676

Creation Date: 06-Jun-2007
Expiration Date: 06-Jun-2008


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
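
Added example, not part of any post in this thread: a Python sketch that lines up the WHOIS creation date quoted above with the dates in the scan listing, to show how young the download domain was when only four engines flagged the file. The function names, the 30-day threshold, and the reading of the third column as a MM.DD.YYYY date are assumptions.

```python
import re
from datetime import datetime

# Text copied from the posts above. The parsing rules are assumptions about
# these two layouts only, not a general WHOIS or VirusTotal parser.
WHOIS_TEXT = """\
Domain Name: ACTIVEXMEDIATOUR.COM
Creation Date: 06-Jun-2007
Expiration Date: 06-Jun-2008
"""
SCAN_TEXT = """\
Authentium    4.93.8    05.23.2007    W32/Downloader.BDTA
BitDefender    7.2    06.09.2007    Trojan.Zlob.BQE
F-Prot    4.3.2.48    06.08.2007    W32/Downloader.BDTA
Kaspersky    4.0.2.24    06.09.2007    Trojan-Downloader.Win32.Zlob.bqu
"""

def whois_creation_date(text):
    """Return the 'Creation Date' field as a date, or None if it is missing."""
    m = re.search(r"^Creation Date:\s*(\d{2}-[A-Za-z]{3}-\d{4})\s*$", text, re.M)
    return datetime.strptime(m.group(1), "%d-%b-%Y").date() if m else None

def parse_scan_lines(text):
    """Parse 'vendor version MM.DD.YYYY name' rows; skip lines that do not fit.
    Assumes single-token vendor names, as in the listing above."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        vendor, version, stamp, name = parts
        try:
            when = datetime.strptime(stamp, "%m.%d.%Y").date()
        except ValueError:
            continue  # third column is not a date in the expected layout
        rows.append((vendor, version, when, name))
    return rows

def domain_age_report(whois_text, scan_text, young_days=30):
    """Compare domain creation with the latest date in the scan listing."""
    created = whois_creation_date(whois_text)
    rows = parse_scan_lines(scan_text)
    if created is None or not rows:
        return None  # not enough data to say anything
    latest = max(r[2] for r in rows)
    age = (latest - created).days
    return {"created": created, "latest_listed": latest, "age_days": age,
            "newly_registered": 0 <= age <= young_days,
            "distinct_names": len({r[3] for r in rows})}
```

On the thread's data the domain is three days old at the latest listed date, and the four detections carry three different names.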


