Zasil.B

Classification

Malware

-

-

Zasil.B, Windows-Update, Critical Security Hole, Windows Update

Summary

Zasil.B trojan downloader appeared on 25th of June 2003. The following email message was sent to a large amount of people:

Subject:

IMPORTANT!! Critical security hole in Windows!
 

Body:

Dear Windows User!
New Windows 9x/2000/NT/XP critical patch has been released.
Due to security problems, your system needs to be updated as earlier as
possible.

 You can download an update patch on Windows Update site:
http://www.windows-update.com Best regards, Windows Update Group

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

When a recipient clicks on the provided link, his browser connects to the fake windows update site, downloads and activates a file named UPDATE0932.EXE. That file is a downloader called Zasil.B. The downloader connects to another website and fetches the RQ.TXT file. This plain text file contains a link to another executable file. According to reports the RQ.TXT file originally contained a link to WINPWR32.EXE file which is an installation package with a lot of hacker tools and IRC trojans inside. But after some time the contents of RQ.TXT file were changed. At the moment of writing of this description the file contains a link to SVSGHOST.EXE file which is an IRC backdoor (hacker's remote access tool).

Zasil browses the contents of RQ.TXT file, downloads and activates the backdoor file mentioned there. As a result a user's computer becomes infected.

F-Secure Anti-Virus detects the backdoor generically as 'Backdoor.SdBot.gen' with the latest updates. Detection for Zasil.B downloader will be added shortly.

Date Created: -

Date Last Modified: -