Atomic Bob's Stock Forum - The Golden Thread

Forum Home |

Signup |

My Page

Rules |

FAQ |

Boards |

Members |

« ROUND Home | Email msg. | Reply to msg. | Post new | Board info.

Previous | Home | Next

Re: Thats weird DE,,,,,,,,,,,,

By: Decomposed in ROUND | Recommend this post (0)
Tue, 06 Sep 11 5:13 PM | 52 view(s)
Boardmark this board | De's Test Board

Msg. 34783 of 45644
(This msg. is a reply to 34781 by capt_nemo)
Jump:

My "Dow Futures Down Sharply" post doesn't even have an image in it! I don't see how a mere text message could do anything...

Gold is $1,581/oz today. When it hits $2,000, it will be up 26.5%. Let's see how long that takes. - De 3/11/2013 - ANSWER: 7 Years, 5 Months

- - - - -
View Replies (1) »

» You can also:

Ignore/Hide this poster on all boards (Requires login)
Membermark this member (Requires login)
Email this message to a friend

- - - - -
The above is a reply to the following message:

Re: Thats weird DE,,,,,,,,,,,,
By: capt_nemo in ROUND
Tue, 06 Sep 11 4:58 PM

Msg. 34781 of 45644

No chit, Just checked the history of my anti virus, and it was a password stealer, Never had that happen before..... It deleted it right away. Just wish I knew where it came from.....

This is what the file is called
PWS:win32/zbot

EDIT,,,,,,,,,,,,,,, did some checking, this sure has the smell of gumpie hacks,,,,,,,,,,
Technical Information (Analysis)
PWS:Win32/Zbot is a password-stealing trojan that monitors for visits to certain Web sites. It allows limited backdoor access and control and may terminate certain security-related processes.
Installation
When executed, PWS:Win32/Zbot drops a copy of itself as any of the following files:

\ntos.exe
\sdra64.exe
\twex.exe

Note - refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

It also drops the following files, containing encrypted data used by the trojan, under the folder "\wsnpoem\":

audio.dll
video.dll

It also creates the following encrypted log file, in which it presumably writes all stolen data:

\twain_32\user.ds

PWS:Win32/Zbot modifies the registry to ensure that its copy is executed at each Windows start:

Adds value: "userinit"
With data: "\userinit.exe,\"
To subkey: HKLM\Software\Microsoft\Windows NT\Currentversion\Winlogon

where is any of the file names mentioned above.

It also injects its code in the following processes:

explorer.exe
lsass.exe
svchost.exe
winlogon.exe

PWS:Win32/Zbot also hides its processes and registry entry to avoid detection.
Payload
Steals sensitive data
PWS:Win32/Zbot steals login credentials whenever a user goes to certain Web sites, such as the following:

https://onlineeast#.bankofamerica.com/cgi-bin/ias/*/GotoWelcome
https://www.e-gold.com/sci_asp/payments.asp

It also monitors if the computer opens the "WebMoney Keeper Classic" program.

It may also attempt to steal the following sensitive information from the computer:

Certificates
Cached passwords
Cookies

Allows backdoor access and control
PWS:Win32/Zbot may download a configuration file from the Internet, which is capable of doing the following:

Rename the bot
Get certificates
Block URLs
Unblock URLs
Delete files
Download files

Terminates security processes
PWS:Win32/Zbot checks for the following security-related processes and terminates them if found:

outpost.exe (executable for Outpost Firewall)
zlclient.exe (executable for Zone Alarm Firewall)

Analysis by Francis Allan Tan Seng

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS:Win32/Zbot

« ROUND Home | Email msg. | Reply to msg. | Post new | Board info.

Previous | Home | Next

Disclaimer:

DON'T BELIEVE A DAMN WORD YOU READ ON THIS WEBSITE!

The reader is responsible for discerning the validity, factuality or implications of information posted here, be it fictional or based on real events. Moderators on this forum make every effort to review the material posted on this site however, it is not realistically possible for a one man team to manually review each and every one of the posts atomicbobs.com gets on a daily basis.

The content of posts on this site, including but not limited to links to other web sites, are the expressed opinion of the original poster and are in no way representative of or endorsed by the owners or administration of this website. The posts on this website are the opinion of the specific author and are not statements of advice, opinion, or factual information on behalf of the owner or administration of Atomicbob’s. This site may contain adult language, if you feel you might be offended by such content, you should log off immediately.

Not all posts on this website are intended as truthful or factual assertion by their authors. Some users of this website are participating in internet role playing, with or without the use of an avatar. NO post on this website should be considered factual information on face value alone. Users are encouraged to

USE DISCERNMENT

and do their own follow up research while reading and posting on this website. Atomicbobs.com reserves the right to make changes to, corrections and/or remove entirely at any time posts made on this website without notice. In addition, Atomicbobs.com disclaims any and all liability for damages incurred directly or indirectly as a result of a post on this website.

This website implements certain security features in order to prevent spam and posting abuse. By making a post on this website you consent to any automated security checks required by our system to authenticate your IP address as belonging to an actual human. It is forbidden to make posts on this website from open proxy servers. By making a post on this website you consent to an automated one time limited port scan of your IP address which is required by our security system to validate the authenticity of your internet connection.

This site is provided "as is" without warranty of any kind, either expressed or implied. You should not assume that this site is error-free or that it will be suitable for the particular purpose which you have in mind when using it. In no event shall Atomicbobs.com be liable for any special, incidental, indirect or consequential damages of any kind, or any damages whatsoever, including, without limitation, those resulting from loss of use, data or profits, whether or not advised of the possibility of damage, and on any theory of liability, arising out of or in connection with the use or performance of this site or other documents which are referenced by or linked to this site.

Some events depicted in certain posting and threads on this website may be fictitious and any similarity to any person living or dead is merely coincidental. Some other articles may be based on actual events but which in certain cases incidents, characters and timelines have been changed for dramatic purposes. Certain characters may be composites, or entirely fictitious.

We do not discriminate against the mentally ill!

Fair Use Notice:

This site may contain copyrighted material the use of which has not always been specifically authorized by the copyright owner. Users may make such material available in an effort to advance awareness and understanding of issues relating to civil rights, economics, individual rights, international affairs, liberty, science & technology, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law.

At some point freedom of speech and copyright law merge. The following interpretation of "Fair Use" and subsequent posting policy were developed with the assistance of qualified legal council however, we are not lawyers and cannot offer you legal advise as to the limits of "Fair Use"

In accordance with industry accepted best practices we ask that users limit their copy / paste of copyrighted material to the relevant portions of the article you wish to discuss and no more than 50% of the source material, provide a link back to the original article and provide your original comments / criticism in your post with the article.

Though legally each situation is evaluated independently according to guidelines that were intentionally left open to interpretation, we believe generally this policy represents "Fair Use" of any such copyrighted material for the purposes of education and discussion.

You are responsible for what you "publish" on the internet. You must be sure any copyrighted material you choose to post for discussion on this forum falls within the limits of "Fair Use" as defined by the law.

For more information please visit:

The Electronic Frontier Foundation website

If you are a legal copyright holder or a designated agent for such and you believe a post on this website falls outside the boundaries of "Fair Use" and legitimately infringes on yours or your clients copyright

we may be contacted concerning copyright matters at:

Atomic Bob’s
RT 2 Box 257-20
Nowata, OK 74048
Phone: 918-273-8276
E-Mail: abgtbob -at- gmail.com

If you require a courier address please send a fax or email and we will provide you with the required information.

For expedited human review & removal of potential copyright violations we encourage users & copyright holders to utilize the "Report Copyright Violation" button that accompanies each post published on this website.

In accordance with section 512 of the U.S. Copyright Act our contact information has been registered with the United States Copyright Office. "Safe Harbor" noticing procedures as outlined in the DMCA apply to this website concerning all 3rd party posts published herein.

If notice is given of an alleged copyright violation we will act expeditiously to remove or disable access to the material(s) in question. It is our strict policy to disable access to accounts of repeat copyright violators. We will also ban the IP address of repeat offenders from future posting on this website with or without a registered account.

All 3rd party material posted on this website is copyright the respective owners / authors. Atomicbobs.com makes no claim of copyright on such material.

Please be aware any communications sent complaining about a post on this website may be posted publicly at the discretion of the administration.

---

DON'T BREAK THE LAW!

---

Other than that you can do / say whatever you want on this forum.

We reserve the right to block access to this website by any individual or organization at any time for any reason whatsoever or no reason at all.

This Disclaimer is subject to change at anytime.