NEWS FROM THE LAB - Friday, December 16, 2005

Who axed you? Posted by Dan @ 16:41 GMT


Stefan has spent a considerable amount of time lately here in the Anti-Spyware lab looking into SpyAxe. Downloaded and installed by Trojan-Downloader.Win32.Zlob, SpyAxe is nice enough to detect the Trojan that downloads it, but it won't disinfect it unless you pay for a SpyAxe license, $49.50 U.S. (plus a nominal $2.95 transaction fee). I wouldn't dare pay for a licensed copy to verify that removal is actually done, but I have my doubts.

It was an annoyance at first, but there seems to have recently been a huge spike in the distribution of Zlob. We found a way to see how many unique registration IDs have been handed out by the site Zlob registers with. Most of the day, there seemed to be about 1,000 new infections per hour, but now that the U.S. is waking up and powering on their computers, that number has risen to about 2,500 infections per hour. I'd guess that we can expect to see many more variants to come.

We have published detection for today's Zlob variant, named Zlob.CY, in the 2005_12_16_02 Virus update.