"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:bpk%h.1721$vX4.311@trnddc05:

> From: "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com>
>
>
>| Yes... which leads me to believe it's from central source code,
>| modified just enough to pass thru scanners...
>|
>| Spyware spreads better than any virus I know of at this point....
>| Which is very depressing.
>|
>
> Yes. The vast majority of web sites are registered by ESTDomains.
> New web sites are created weekly as well as new variants. Every
> several weeks or so web sites are shutdown. Every several weeks or so
> there is a major shuift in the motive operandi. The files cahnge,
> their associated icons and their stated purpose. For example one big
> campaign was "codec" and aother "site tickets" while another is "Video
> ActiveX (VAX)".
>
> It should be noted that they are not just producing ZLob Trojans but
> DNSChanger Trojans.

Yep. That's what I've been seeing the last few months, an ever increasing
amount of zlob related trojans.

Ah well, I'll just keep adding them to the signature files. lol


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml