Zeus continues to be one of the most common malware we run into.Just now we've been watching a spam run with malicious ZIP files attached to them.Inside the ZIP is always the same Zeus variant (md5 92671afe999e12669315e220aa9e62c2) but the name varies. So far, we've seen these filenames: • 2010 Contract With LC Change 051005.exe • Flight Attendant-0600003A.exe • Second chord sounds in world's longest lasting concert - Yahoo! News.exe • Cancellation Notice.exe • BURRESS_WEDDING_AUGUST2010.exe • IN255596.exe • 2010 expenses.exe • resume.exeThe malware downloads additional components from two malicious websites in Russia: jocudaidie.ru and zephehooqu.ru.We block access to the malicious websites and detect the malware as Trojan:W32/Agent.DKJC.
