Home > Emerging Threats, Malwares > Mac OS X: 2007 Year Ender for Zlob

Mac OS X: 2007 Year Ender for Zlob

Zlob has been proliferating in Windows platform since 2005. It only started as simple trojan downloader and stealer which is capable to check and update itself.

Then, it was last year when this trojan stand-out to the crowd of other competing malwares. A new variant arrived to users via email employing social engineering tactics to attract users in clicking the link to video. However, the video does not play successfully without installing the required codec. This tricky behavior persuades the user to install the fake codec – unknowingly, the user has just installed the malware!

The spurs of shares, free downloads, blogs and social websites has become a perfect time for Zlob to infiltrate networks. Evidently, the increasing domain names and clicks have been utility for Zlob to stay visible in search engines.

Yes, all of this works in Windows until late this year (November), this trojan crosses over to Mac specifically OS X. Suddenly, a list of domain names is capable to download installers both for Windows and Mac users. Domain names hosting Zlob fake codec for Mac user does not sleep, it stays online 24×7 and it’s increasing in numbers. It’s out there in-the-wild!

create avatar

These sites are smart enough to check if you are running in Windows or Mac. Then, it gives you the right installer either in Windows Executable (EXE) or Disk Image (DMG) for Mac.

Who’s behind Zlob? Let’s investigate its network connection …

Web Site: http://codecdemo.com


NET —-> gw1.cernel.net []–> AS27595

Intercage [AS27595] is hosted by Atrivo in US, which apparently related to Russian Business Network(RBN). This domain host different names related to fake codec and rogue applications such as spysheriff, winspykiller, AntiVirGear and lot more.
In conclusion, the massive increase of sophisticated and organize cyber crimes boils to pursuit of profit and Mac users are no longer subject to proof-of-concept. The world’s known worst attackers are now introducing web base cross platform malware and this should increase awareness.
  1. No comments yet.
  1. August 30, 2008 at 2:19 pm
  2. March 9, 2009 at 10:21 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: