TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_ZLOB.CCS
Overview
Solution

Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Zlob.abw (Kaspersky), Puper (McAfee), Trojan.Zlob (Symantec), TR/Dldr.Zlob.abw.6 (Avira), Troj/Zlobun-Gen (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Low

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_ZLOB.CCS Behavior Diagram

Malware Overview

This memory-resident Trojan may be downloaded from remote sites by other malware. It may also be dropped by other malware or downloaded unknowingly by a user when visiting malicious Web sites.

When executed, it drops a copy of itself with a random file name. It modifies registry entries to enable its automatic execution at every system startup.

This Trojan also checks if the user has visited certain Web sites, which are mostly adult-themed sites. It terminates itself once a match it found. It also attempts to connect to a certain IP address. During testing, the accessed site is found to be empty. This Trojan may need other components to effectively perform its routine.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 12, 2008 7:32:57 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.