In association with heise online

15 January 2009, 12:03

Virus creator taunts Windows Defender Team with New Year greeting

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

In a variant form of the Zlob Windows trojan, its author has concealed a message wishing Microsoft's Windows Defender Team a Happy New Year and praising its work. He had already secreted a message in his version of the worm in October 2008, saying "I want to see your eyes the man from Windows Defender's team". His new message says "Hello from Russia", wishes the Team a Happy New Year, and expresses surprise at Microsoft's speedy reaction to new threats.

He hints that he has long been working on malicious programs, having written code to exploit a critical vulnerability in Windows years ago, and claims that Microsoft once offered him a job "to help improve some of Vista's protection". "It's not interesting for me, just a life's irony", he concludes, saying he will shortly be dropping Zlob, though not because of Microsoft's work.

The Zlob trojan has been in the wild since late in 2005 and has at least 32 variations. One variant is designed so that, once it has infected a Windows PC, it looks for network routers, using a built-in list of common default user names and passwords. Once it finds and cracks a router, it then makes changes to the DNS settings to re-direct internet traffic to the attackers servers.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit