Threat Description

Zasil.B

Details

Aliases: Zasil.B, Windows-Update, Critical Security Hole, Windows Update
Category: Malware
Type:
Platform: W32

Summary


The Zasil.B trojan downloader appeared on June 25th, 2003. The following e-mail message was sent to a large number of people:

Subject:

IMPORTANT!! Critical security hole in Windows!

Body:

Dear Windows User!

New Windows 9x/2000/NT/XP critical patch has been released. Due to security problems, your system needs to be updated as earlier as possible.

You can download an update patch on Windows Update site:
http://www.windows-update.com

Best regards,
Windows Update Group


Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.



Technical Details


When a recipient clicks on the provided link, the browser connects to the fake Windows Update site, which downloads and runs a file named UPDATE0932.EXE. That file is a downloader called Zasil.B. The downloader connects to another website and fetches the file RQ.TXT. This plain-text file contains a link to another executable. According to reports, RQ.TXT originally contained a link to WINPWR32.EXE, an installation package bundling a large number of hacker tools and IRC trojans. After some time the contents of RQ.TXT were changed: at the time of writing this description, the file contains a link to SVSGHOST.EXE, which is an IRC backdoor (a hacker's remote access tool).

Zasil reads the contents of RQ.TXT, then downloads and runs the backdoor file it points to. As a result, the user's computer becomes infected.

F-Secure Anti-Virus detects the backdoor generically as 'Backdoor.SdBot.gen' with the latest updates. Detection for Zasil.B downloader will be added shortly.
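The download chain above leaves network-side traces that a defender can look for independently of file-based detection: the lure domain in mail, and the stage file names in web-proxy logs. The Python below is an added example, not F-Secure's code and not part of the original description. It takes the indicators named on this page (the windows-update.com lure domain and the file names UPDATE0932.EXE, RQ.TXT, WINPWR32.EXE, SVSGHOST.EXE) and scans constructed proxy-log lines and a mail subject/body for them. The proxy-log format, the placeholder host for the second-stage site (which the description does not name), and the allow-list of legitimate update domains are assumptions made for the example; it also generalizes the lure check to any "windows...update" lookalike host that is not on the allow-list.

```python
"""Detect Zasil.B lure and download-chain indicators in proxy logs and mail.

Added example, not F-Secure's code. Indicators come from the description
above; log format, sample lines, and the trusted-domain list are constructed.
"""
import re
from urllib.parse import urlparse

# Indicators taken from the description text.
LURE_HOST = "windows-update.com"
STAGE_OF_FILE = {
    "update0932.exe": "downloader (Zasil.B)",
    "rq.txt": "stage list fetched by the downloader",
    "winpwr32.exe": "payload package (hacker tools, IRC trojans)",
    "svsghost.exe": "payload (IRC backdoor)",
}
LURE_SUBJECT = re.compile(r"critical security hole in windows", re.IGNORECASE)

# Assumed allow-list of domains that legitimately serve Windows Update traffic.
TRUSTED_UPDATE_DOMAINS = ("microsoft.com", "windowsupdate.com")


def host_matches(host, domain):
    """True if host equals domain or is a subdomain of it (case-insensitive)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify_url(url):
    """Return a finding label for a URL, or None if nothing matches.

    Checks, from most to least specific:
    1. a known stage file name as the last path component,
    2. the exact lure domain from the mail,
    3. a generic 'windows ... update' lookalike host not on the allow-list.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    filename = parsed.path.rsplit("/", 1)[-1].lower()

    if filename in STAGE_OF_FILE:
        return STAGE_OF_FILE[filename]
    if host_matches(host, LURE_HOST):
        return "lure site: " + LURE_HOST
    if "windows" in host and "update" in host and not any(
        host_matches(host, d) for d in TRUSTED_UPDATE_DOMAINS
    ):
        return "Windows Update lookalike host: " + host
    return None


# Constructed proxy-log format: "<time> <client> <method> <url> <status>".
PROXY_LINE = re.compile(
    r"^(?P<time>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines):
    """Return (client, url, label) for each log line that hits an indicator."""
    hits = []
    for line in lines:
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        label = classify_url(m.group("url"))
        if label:
            hits.append((m.group("client"), m.group("url"), label))
    return hits


URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+")


def check_mail(subject, body):
    """List reasons a mail looks like the Zasil.B lure (empty list if clean)."""
    reasons = []
    if LURE_SUBJECT.search(subject):
        reasons.append("lure subject")
    for url in URL_IN_TEXT.findall(body):
        label = classify_url(url)
        if label:
            reasons.append("link -> " + label)
    return reasons


# Constructed sample data. "second-stage.example" stands in for the unnamed
# website the downloader contacts; it is a placeholder, not a real indicator.
SAMPLE_PROXY_LOG = [
    "2003-06-25T09:12:01 10.0.0.7 GET http://www.windows-update.com/ 200",
    "2003-06-25T09:12:04 10.0.0.7 GET http://www.windows-update.com/UPDATE0932.EXE 200",
    "2003-06-25T09:12:20 10.0.0.7 GET http://second-stage.example/RQ.TXT 200",
    "2003-06-25T09:12:25 10.0.0.7 GET http://second-stage.example/SVSGHOST.EXE 200",
    "2003-06-25T09:15:00 10.0.0.9 GET http://windowsupdate.microsoft.com/ 200",
    "not a log line",
]
SAMPLE_MAIL_SUBJECT = "IMPORTANT!! Critical security hole in Windows!"
SAMPLE_MAIL_BODY = (
    "You can download an update patch on Windows Update site: "
    "http://www.windows-update.com Best regards, Windows Update Group"
)

if __name__ == "__main__":
    for client, url, label in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} {url} -> {label}")
    print(check_mail(SAMPLE_MAIL_SUBJECT, SAMPLE_MAIL_BODY))
```

The file-name check runs before the host check so that a hit on UPDATE0932.EXE is reported as the downloader stage rather than merely as a visit to the lure site; ordering the hits by time for one client then reconstructs the chain (lure page, downloader, RQ.TXT, payload) described above.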





Description Details: F-Secure Anti-Virus Research Team; F-Secure Corp.; June 25th, 2003

