While ZLOB has been tracked in more than 1,000 renditions since late 2005, several security firms reported that the latest ZLOB outbreak takes social engineering to a new extreme to lure people into its trap.
In its latest rendition, ZLOB makes its way into computers by playing on people's desire to view video online. The overall tactics are simple: A person receives a link to an online video. The video is allegedly something enticing, such as a popular TV episode or some sort of pornography.
The recipient then visits the site and finds a very convincing Web page that includes an embedded Windows Media Player control. But the video won't play. A message tells the visitor that Windows Media Player is missing a codec, which must be installed to play the video. A link is provided inside the media player to download the alleged codec, and when the installer runs, it even includes a very convincing end-user license dialog, further masking the fact that what's about to take place is the installation of a Trojan.
"At a time when the demand for digital video is at its peak, ZLOB found a viable, gullible target market. After all, the said demand for videos is almost tantamount to an increased demand for codecs. Add the fact that there's a myriad of available formats a video can be encoded into (AVI, MPEG, MP4, and WMV, among others), and that there are numerous codec Web sites easily accessible in the Internet, all ZLOB needs to do is put up a fake codec Web site and wait for hasty, desperate video watchers to click on the Download Now! link. That's when the real show starts," wrote a spokesperson for Trend Micro on the company's Web site.
ZLOB is essentially a package delivery vehicle that can be instructed to download other files onto an affected system, so the Trojan's intended purpose varies widely.
"If there's anything to be learned from the changing threat landscape, it's that malware can -- and will -- go at great lengths for profit. This Trojan family is no exception," the spokesperson continued.