[Image: Zlobthreat1231239]
Reboot and here’s what your desktop looks like after installing one of these.

zsvcompany(dot)com
bcnproduction(dot)com
mojtechnology(dot)com
vaulimited(dot)com

All are trojans: fake Zlob media codecs.

The main page will show an error; as is standard practice these days, the binaries are actually downloaded from a subdirectory (usually something like /download(dot)php?id=4082).
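One way to hunt proxy logs for the behaviour described above, added here as an example and not code from the original post: it refangs the four listed domains and grades each request by host and by the `/download.php?id=<number>` shape. The log line layout (`<time> <client> <method> <url> <status>`), the verdict names and the sample entries are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Domains exactly as the post lists them (kept defanged in source).
DEFANGED = ["zsvcompany(dot)com", "bcnproduction(dot)com",
            "mojtechnology(dot)com", "vaulimited(dot)com"]

def refang(indicator):
    """'name(dot)com' -> 'name.com', lower-cased for comparison."""
    return indicator.replace("(dot)", ".").lower()

LISTED = {refang(d) for d in DEFANGED}

def classify(url):
    """Grade one requested URL; None means nothing matched."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is lower-cased, port dropped
    on_list = any(host == d or host.endswith("." + d) for d in LISTED)
    # Path shape from the post: .../download.php?id=<number>
    dl_shape = (parts.path.lower().endswith("/download.php")
                and re.search(r"(?:^|&)id=\d+(?:&|$)", parts.query) is not None)
    if on_list and dl_shape:
        return "listed-host-download"   # likely fetch of the binary
    if on_list:
        return "listed-host"            # e.g. the error landing page
    if dl_shape:
        return "download-shape-only"    # weak signal, review by hand
    return None

def scan(log_lines):
    """Return (client, verdict, url) for every line that matches."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue                    # skip malformed or truncated lines
        verdict = classify(fields[3])
        if verdict:
            hits.append((fields[1], verdict, fields[3]))
    return hits

# Constructed sample proxy log (layout, clients and timestamps are made up).
h0, h1 = refang(DEFANGED[0]), refang(DEFANGED[1])
SAMPLE = [
    f"t1 10.0.0.5 GET http://{h0}/ 404",
    f"t2 10.0.0.5 GET http://{h0}/download.php?id=4082 200",
    f"t3 10.0.0.9 GET http://WWW.{h1.upper()}:80/x/download.php?id=17 200",
    f"t4 10.0.0.7 GET http://not{h0}/download.php?id=1 200",
    "t5 10.0.0.7 GET http://intranet.example/index.html 200",
    "truncated line",
]
```

A client that shows both `listed-host` and `listed-host-download` in sequence, as 10.0.0.5 does in the sample, is the one to triage first.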

Detection by all engines is very poor on these (Sunbelt Sandbox report on zsvcompany here, VT results here). We will have detections out shortly.

Alex Eckelberry
(thanks Bharath)