Zlob marked a new era in the world of Trojan viruses.
In the past years cyber criminals would create a virus, test it in the wild, and if the results were disappointing, they would quit the project and passed onto a new venture.
With zlob, it was different.
Created in 2005, this piece of malware has seen multiple corrections and improvements which made it stronger, prone to antimalware programs, aggressive in exploiting Windows vulnerabilities, resistant to antivirus scanners.
I suspect that the guys who stand behind zlob did no expect millions of computers to be infected with it, but they quickly realized that zlob was going to take over the web, and used it to distribute fake antispyware programs.
As you probably know, Trojan viruses are not meant to cause system-wide troubles like blue screen of death (commonly referred to as BSOD) or corrupt application start-up environment.
Rather, they serve most apparent goal - provide to remote attackers virtually unlimited access to infected computers.
Computers compromised by Trojan downloader zlob are being bombed with ads, scary warnings and offers to run some kind of "free scan".
Because zlob exists in many variations which are used to promote over a hundred of rogue security programs, the combination of hijacked desktop wallpaper, warnings displayed allegedly on behalf of Windows Security Center, and pop-ups make the symptoms of infection look quite different on different computers.
The zlob virus paves the way for parts of malware to creep into the system bypassing existing means of protection.
It is very important to know that antivirus protection is not enough to prevent the infection.
Of course, there are antivirus programs that correctly identify the threat at the entrance and block it immediately, but it has been reported as well that OEM workstations and laptops with preinstalled Internet Security Suites miss traces of zlob altogether.
Zlob is also known as DNS changer, which means this Trojan can block access to the web on the infected machine.
Or, after its successful removal Internet connection may be suddenly dropped off.
What's more, Zlob can hijack traffic after logging onto routers.
This is easily achieved by the coders because most people never change default passwords on routers.
It's interesting to know how zlob distributes itself.
Email spam has remained in the days gone.
Now the trojan is presented in the form of video codec.
Videos are available on millions of websites on the web.
Flash animation is ubiquitous.
Multimedia content abounds.
Because there are quite many formats of video and audio encoding, it's not uncommon to come across a website that requires some special plugin, browser add-on, or codec update.
Creators of zlob exploited multimedia abundance by creating codecs with integrated malicious code.
When a surfer is redirected to a website (or goes directly from a search engine), an innocently-looking windows pops up informing about "missing codec".
Then it takes just a mouse-click to get infected and start receiving continuous ads about spyware infection, registry errors and the like.
This malware alone demonstrates how intelligent web threats have become, and the concept of "safe surfing" is yet to be developed to reflect the ubiquity of trojan viruses like Zlob.