I've worked with a lot of well-known and respected information security companies during the past decade, but Zscaler continues to impress me with the quality of its security research. Today, I wanted to highlight a recent Zscaler ThreatLabZ research blog post, focused on analyzing a VBScript bot.
You can check the link for all of the delicious technical details, but there are a few points here I wanted to highlight:
This malware can obtain drive names and types, the contents of a directory, and the processes running on the machine; ultimately, it can even execute all DOS commands on the infected machine.
The good news is that the command-and-control server appears to be offline; however, this sort of malware serves as both a warning and a reminder about this new breed of advanced threats that can evade detection and establish persistence to inflict long-term damage.
Be sure to stay tuned to research.zscaler.com for the latest security research from Zscaler.