NEWS FROM THE LAB - Wednesday, August 18, 2010

Once Again, Zeus
Posted by Mikko @ 10:33 GMT

Zeus continues to be one of the most common pieces of malware we run into.



Just now we've been watching a spam run with malicious ZIP files attached to the messages.







Inside the ZIP is always the same Zeus variant (MD5 92671afe999e12669315e220aa9e62c2), but the name varies. So far, we've seen these filenames:



• 2010 Contract With LC Change 051005.exe

• Flight Attendant-0600003A.exe

• Second chord sounds in world's longest lasting concert - Yahoo! News.exe

• Cancellation Notice.exe

• BURRESS_WEDDING_AUGUST2010.exe

• IN255596.exe

• 2010 expenses.exe

• resume.exe



The malware downloads additional components from two malicious websites in Russia: jocudaidie.ru and zephehooqu.ru.



We block access to the malicious websites and detect the malware as Trojan:W32/Agent.DKJC.
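
Because the attachment name changes while the payload stays the same, a mail filter gets more out of hashing each ZIP member than out of matching filenames. The Python below is an added example, not code from the original post or from F-Secure: it flags executables inside a ZIP attachment and compares each member's MD5 with the hash given above. The function names, the extension list and the size limit are assumptions, and any input fed to it in testing is constructed.

```python
import hashlib
import io
import zipfile

# MD5 of the Zeus variant, as given in the post.
KNOWN_BAD_MD5 = {"92671afe999e12669315e220aa9e62c2"}
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")
# Assumption: members whose declared size exceeds this are not hashed.
MAX_MEMBER_SIZE = 50 * 1024 * 1024


def scan_zip_attachment(data, known_md5=KNOWN_BAD_MD5):
    """Return one finding dict per archive member that looks suspicious."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "md5": None, "reasons": ["unreadable-zip"]}]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons, digest = [], None
            # The lure name varies, so only the extension is checked here.
            if info.filename.lower().endswith(EXECUTABLE_EXTS):
                reasons.append("executable-in-zip")
            if info.flag_bits & 0x1:
                # Encrypted members cannot be hashed without the password.
                reasons.append("encrypted-member")
            elif info.file_size > MAX_MEMBER_SIZE:
                reasons.append("oversized-member")
            else:
                # The content hash is stable across renamed attachments.
                digest = hashlib.md5(archive.read(info)).hexdigest()
                if digest in known_md5:
                    reasons.append("known-bad-md5")
            if reasons:
                findings.append(
                    {"name": info.filename, "md5": digest, "reasons": reasons})
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

An executable with an unknown hash is still reported as "executable-in-zip", so a repacked variant does not pass silently.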









