Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

News & Announcements

Zscaler Research Flips the Script on VBScript Bot

January 27, 2014 - 2 min read

I've worked with a lot of well-known and respected information security companies during the past decade, but Zscaler continues to impress me with the quality of its security research. Today, I wanted to highlight a recent Zscaler ThreatLabZ research blog post, focused on analyzing a VBScript bot.

You can check the link for all of the delicious technical details, but there are a few points here I wanted to highlight:

  • At the time of analysis only 14 out of 50 anti-virus vendors could detect this threat;
  • This is largely because this threat obfuscates (or hides) its code inside an encrypted extension;
  • This threat also establishes "persistence" by copying itself into the Windows startup folder, a registry entry to run at system startup, a copy in the Windows temporary folder, and finally a connection with its command and control server;
  • Once this persistence is established, the command and control server can execute commands to send updates, exfiltrate data and ultimately to uninstall the traces of the malware.

This malware can obtain drive names and types, the contents of a directory, the processes running on the machine and ultimately, it can even execute all DOS commands on the infected machine.

The good news, is that the command and control server appears to be offline; however, this sort of malware serves as both a warning and a reminder about this new breed of advanced threats that can evade detection and establish persistence to inflict long-term damage.

Be sure to stay tuned to for the latest security research from Zscaler.

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.