Page 8 - index
P. 8
The experts at MalwareBytes discovered that running the malicious file the executable
deletes the original file, placing additional hidden folders and files on the infected
machine.
"That particular foldername shows up in a couple of sandbox reports and other pieces of
analysis, including Malwr, a Joe Sandbox report and Lavasoft with the last two
referencing a dayzstreaming website offering up yet more files."
Malwarebytes Anti-Malware detects the above as Spyware.Zbot.ED, and it is currently
pegged at 39/49 on VirusTotal.
The malicious domain is full of other malicious elements a good reason to consider
typosquatting a serious menace. A good practice is to be sure to double-check any and
all “gox” themed URLs sent your way.
Typosquatting could be effective to arrange phishing campaigns or to serve malicious
code such as spyware and Bitcoin miner, good advice is to double check URLs before
submit them.
Source: Pierluigi Paganini, Editor-in-Chief, CDM
8 Cyber Warnings E-Magazine – December 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
