Talk:Zlob trojan

Computing Low‑importance

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
Low	This article has been rated as Low-importance on the project's importance scale.
	This article is supported by WikiProject Computer Security.

Hold on a minute[edit]

There seems to be a bit of an edit war.

First off: ad-spyware is not a term, hence why trojan is MUCH more effective.

Post a note here if you have any objection. Do not edit for sake of editing.

Screen317 01:47, 4 November 2007 (UTC)[reply]

Alow me to introduce myself[edit]

You do not say ad-spyware but Adware

Also I have edited the page a bit ading additional information while keeping the original information in tack.

I am a developer of PHSDL and I track Zlob with castlecops.com

You are welcome to contribute more information that you find relevent to Zlob, but please do not make major changes to the paragraph that I added about PHSDL and how ActiveX is forced on the user.

Looking forward on working together. Please refer to my Wiki talk if you have a question about PHSDL authority.

Thank you, Igor Berger (talk) 23:10, 21 November 2007 (UTC)[reply]

I stumbled across this page and noticed that it seems to be lacking in updated terms and information. The most correct term for adware would now be malware. There is also a reference to the possible problems with shutting down some servers 3 years ago. There were no problems. Further this form of malware has continued unabated and is found on many computers I personally repair (in 2015) the FBI in the USA again got things wrong and they had very little effect on the spread of this particular malware. It is only the increasing identification rate by antivirus programs that has slowed this malware. Perhaps someone should edit the page to updated and correct information. — Preceding unsigned comment added by 180.216.68.132 (talk) 12:57, 15 January 2015 (UTC)[reply]

Hello Igor![edit]

Thank you for your contribution. I am familiar with PHSDL and appreciate all of the work CastleCops does (I work at SWI).

With that said, I suggest a couple minor changes to your paragraph. Please read my revision as follows:

The PHSDL, or Project Honeypot Spam Domains List[2], tracks and catalogs Zlob Spam Domains. Most of the domains on the list are redirects to pornographic websites that show a number of inline videos. Clicking on the video to play activates a request to download a malicious ActiveX codec. During this time, the user is prevented from closing your browser, with the exception of opening the Task Manager (by pressing Control, Alt, and Delete at the same time), then manually shutting down the browser process.

______

"Zlob Team of computer crackers automatically submit forum comments with the use of automated script program like Xrumer creating Forum spam."

I don't understand this part^ Please elaborate. I tracked Zlob to Russia... Zlob it is in Russian, so just use a translater.

You know what is a cracker vs a hacker?

______

"For Zlob trojan infection removal help visit Castlecops Forum[3]"

This is biased against the many other antispyware forums, and Wikipedia does not promote a bias point of view.

Do not want to be biased but figured to add a few sources to experts in Zlob Trojan. If you think we shoud remove we can do, or add a few more antispam forums. Maybe make a small subsection and explain what an anti Spam forum is and how it works and show examples of a few. I think that would be unbaised.

That is how all articles on technology and practical application are. Sory about my sentence stucture! Please DigIn and apply your knowledge, let's work together on this. You are welcome to make changes. And I will give it a lookSee and we keep going. Igor Berger (talk) 06:43, 25 November 2007 (UTC) ______[reply]

Screen317 (talk) 01:47, 25 November 2007 (UTC)

I referenced Honeypot (computing) for format and there is precedence for putting resource links, there is even product and services in external link section with a link to DMOZ. But sending people to DMOZ may not be the best solution, because of the letency in directory update. So the way it looks now, is good. If you can help me with my sentence structure will be great. Igor Berger (talk) 16:33, 25 November 2007 (UTC)[reply]

Notability[edit]

Ok, I added a few third-party references to show zlob's notability. I was unsure if this subject was notable enough to stay on Wikipedia, but after looking for sources, I believe it is. I did found a couple of sites that may be useful with expanding this article: [1] and [2]. I already used them in the article so you can just put <ref name=tm/> or <ref name=MacTrojan/>, respectively. Rocket000 (talk) 14:39, 26 November 2007 (UTC)[reply]

Removal[edit]

Maybe we could put a section on removing it or more information on what it does, because, apparently, LOTS of people have it

Viet|Pham (talk) 00:16, 9 May 2008 (UTC)Andy[reply]

well, i removed it with malwarebytes, and i removed it from a friends computer with spyboy S&D --71.238.13.138 (talk) 03:14, 2 July 2009 (UTC)[reply]

Non-encylopedic phrase[edit]

"The trojan can be hidden in literally anything" doesn't sound very encyclopedic, nor is it true. It does not lurk in raw ASCII text files, for instance. "Literally anything" could mean it's hiding in my mousepad.

I would also caution against instructions for removal. One, WP is not a how-to. Secondly, I doubt WP wants the liability of a limited-talent user screwing up their system and claiming they were only following WP's instructions.

JeramieHicks (talk) 22:08, 7 October 2008 (UTC)[reply]

Mac version[edit]

This article is very confused - the ZLob ActiveX Trojan is NOT the same as the DNSChanger Mac Trojan. The 32 versions stated are of the mac version too. I think this should be split into two articles, as they appear to be two trojans by the same team SmackEater (talk) 19:39, 11 November 2009 (UTC)[reply]

Report[edit]

I've removed this line because it does not make sense and it's not very encyclopedic and has grammar mistakes:

"Other names include w32 and it is able to co-comuinicate with the Vundo trojan horse if the victum is using a rouge clone of SpyBot Search and Destroy"

W32 is not a name just for Zlob, several viruses not related to Zlob also has W32 in their names.

The part with Vundo is probably false unless someone could provide a citation. ___________________________________________________________________________________________

Anyways, researchers have "received" a message from the creator of Zlob. Shouldn't this be squeezed into the article?

The End of Zlob

Securityadvisor - Talk | Contribs 00:16, 23 January 2009 (UTC)[reply]

Clarification needed[edit]

"It prevents the user from closing the browser in the usual manner." Could probably use some clarification.

Not sure if this is too obscure to warrant a mention on the talk page. I'd have edited itself, if I knew, but I don't, and getting infected to find out doesn't seem like such a worthy investment. This is my first time using a talk page; I pre-emptively apologize for any and all mistakes in etiquette or subject.

--DominicBuch (talk) 04:21, 7 June 2010 (UTC)[reply]

Content of Article[edit]

It sounds like much of the content of this article needs to be stripped and moved to an article on PHSDL. The PHSDL article could be linked to by the Zlob article, but for now, there is more content about PHSDL in this article than Zlob. I am attempting to write a systematic series of templated articles on different malware, campaigns, and families. Much of this work will consist of disambiguation of articles like this. Please comment on changes as they are made, and let me know if you disagree. Hushedfeet (talk) 17:14, 11 April 2012 (UTC)[reply]

External links modified[edit]

Hello fellow Wikipedians,

I have just modified 3 external links on Zlob trojan. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 22:54, 20 July 2016 (UTC)[reply]