More Zunkers!!!
Analyzing the pattern of the binary file installed by Zunker and comparing it with our samples, we have come across 32 similar files.
On the left is the graphical representation of the binary file belonging to the first Zunker we came across; on the right is the graphical representation of the new similar files we have found.
As you can see, they are alike. If we compare these graphs with those of other malware, such as Gaobot.AAF, we see that they are very different.
Analyzing the similar files, we have come across 18 different servers where they were installed:
– 6 of them are currently active.
– 4 of them contain files belonging to Zunker but they don’t seem to be working.
– 8 of them are inactive.
Among the servers that are active, different versions of the bot can be found:
ZUnker 1.4.4-1b
ZUnker 1.4.4-1b-10003
ZUnker 1.4.4b
ZUnker 1.4.5b