The Web    Google
Zerolin-B Trojan Accesses Web Site

Zerolin-B Trojan Accesses Web Site
September 27, 2004

Zerolin-B, the youngest bug on the Top Five Malicious Malware list, is a Trojan that also is known as Zerolin-C.

Central Command, Inc., an anti-virus company based in Medina, Ohio, reports that Zerolin-B is the fifth-most wide spread virus for September.

Receiving a low-to-medium threat alert from Sophos, Inc., an anti-virus company based in Lynnfield, Mass, Zerolin-B was first discovered in the wild this past August. The Trojan affects Microsoft Windows operating systems, and attempts to access a remote website by means of an HTTP IFRAME exploit.

Ken Dunham, director of malicious code at iDefense, Inc., says the Trojan has been successful largely because of its size. ''It only has 236 bytes, so it's very small,'' says Dunham. ''It's basically a dropper package designed to get into a system undetected. It's made to drop a file that then downloads code from a remote Web site.''

The Web site that the bug tries to access has been shut down, according to Dunham.

  • 11/1: Bagle-BE Worm Opens TCP Port
  • 1/11: Symbos_Vlasco-B Virus Hits Bluetooth
  • RIM Refutes BlackBerry Buffer Overflow Claim
  • 9/9: BackDoor-CEB.C Remote Access Trojan
  • DNSSEC: For When a Spoof Isn't a Comedy
  • 6/28: Backdoor-CCL Running Wild
  • AOL Touts Increased Broadband Security
  • 6/4: Korgo-D Attacks Buffer Overrun
  • Report: CEOs Stagnant on Security
  • 3/21: Sumon-C an IM and P2P Worm
  • Another University Suffers Security Breach
  • Buy Security Camera