Talk:Zlob trojan

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing / Security (Rated Stub-class)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Stub-Class article Stub  This article has been rated as Stub-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computer Security.
Note icon
This article has been automatically rated by a bot or other tool as Stub-Class because it uses a stub template. Please ensure the assessment is correct before removing the |auto= parameter.

Hold on a minute[edit]

There seems to be a bit of an edit war.

First off: ad-spyware is not a term, hence why trojan is MUCH more effective.

Post a note here if you have any objection. Do not edit for sake of editing.

Screen317 01:47, 4 November 2007 (UTC)

Alow me to introduce myself[edit]

You do not say ad-spyware but Adware

Also I have edited the page a bit ading additional information while keeping the original information in tack.

I am a developer of PHSDL and I track Zlob with

You are welcome to contribute more information that you find relevent to Zlob, but please do not make major changes to the paragraph that I added about PHSDL and how ActiveX is forced on the user.

Looking forward on working together. Please refer to my Wiki talk if you have a question about PHSDL authority.

Thank you, Igor Berger (talk) 23:10, 21 November 2007 (UTC)

I stumbled across this page and noticed that it seems to be lacking in updated terms and information. The most correct term for adware would now be malware. There is also a reference to the possible problems with shutting down some servers 3 years ago. There were no problems. Further this form of malware has continued unabated and is found on many computers I personally repair (in 2015) the FBI in the USA again got things wrong and they had very little effect on the spread of this particular malware. It is only the increasing identification rate by antivirus programs that has slowed this malware. Perhaps someone should edit the page to updated and correct information. — Preceding unsigned comment added by (talk) 12:57, 15 January 2015 (UTC)

Hello Igor![edit]

Thank you for your contribution. I am familiar with PHSDL and appreciate all of the work CastleCops does (I work at SWI).

With that said, I suggest a couple minor changes to your paragraph. Please read my revision as follows:

The PHSDL, or Project Honeypot Spam Domains List[2], tracks and catalogs Zlob Spam Domains. Most of the domains on the list are redirects to pornographic websites that show a number of inline videos. Clicking on the video to play activates a request to download a malicious ActiveX codec. During this time, the user is prevented from closing your browser, with the exception of opening the Task Manager (by pressing Control, Alt, and Delete at the same time), then manually shutting down the browser process.


"Zlob Team of computer crackers automatically submit forum comments with the use of automated script program like Xrumer creating Forum spam."

I don't understand this part^ Please elaborate. I tracked Zlob to Russia... Zlob it is in Russian, so just use a translater.

You know what is a cracker vs a hacker?


"For Zlob trojan infection removal help visit Castlecops Forum[3]"

This is biased against the many other antispyware forums, and Wikipedia does not promote a bias point of view.

Do not want to be biased but figured to add a few sources to experts in Zlob Trojan. If you think we shoud remove we can do, or add a few more antispam forums. Maybe make a small subsection and explain what an anti Spam forum is and how it works and show examples of a few. I think that would be unbaised.

That is how all articles on technology and practical application are. Sory about my sentence stucture! Please DigIn and apply your knowledge, let's work together on this. You are welcome to make changes. And I will give it a lookSee and we keep going. Igor Berger (talk) 06:43, 25 November 2007 (UTC) ______

Screen317 (talk) 01:47, 25 November 2007 (UTC)

I referenced Honeypot (computing) for format and there is precedence for putting resource links, there is even product and services in external link section with a link to DMOZ. But sending people to DMOZ may not be the best solution, because of the letency in directory update. So the way it looks now, is good. If you can help me with my sentence structure will be great. Igor Berger (talk) 16:33, 25 November 2007 (UTC)


Ok, I added a few third-party references to show zlob's notability. I was unsure if this subject was notable enough to stay on Wikipedia, but after looking for sources, I believe it is. I did found a couple of sites that may be useful with expanding this article: [1] and [2]. I already used them in the article so you can just put <ref name=tm/> or <ref name=MacTrojan/>, respectively. Rocket000 (talk) 14:39, 26 November 2007 (UTC)


Maybe we could put a section on removing it or more information on what it does, because, apparently, LOTS of people have it

Viet|Pham (talk) 00:16, 9 May 2008 (UTC)Andy

well, i removed it with malwarebytes, and i removed it from a friends computer with spyboy S&D -- (talk) 03:14, 2 July 2009 (UTC)

Non-encylopedic phrase[edit]

"The trojan can be hidden in literally anything" doesn't sound very encyclopedic, nor is it true. It does not lurk in raw ASCII text files, for instance. "Literally anything" could mean it's hiding in my mousepad.

I would also caution against instructions for removal. One, WP is not a how-to. Secondly, I doubt WP wants the liability of a limited-talent user screwing up their system and claiming they were only following WP's instructions.

JeramieHicks (talk) 22:08, 7 October 2008 (UTC)

Mac version[edit]

This article is very confused - the ZLob ActiveX Trojan is NOT the same as the DNSChanger Mac Trojan. The 32 versions stated are of the mac version too. I think this should be split into two articles, as they appear to be two trojans by the same team SmackEater (talk) 19:39, 11 November 2009 (UTC)


I've removed this line because it does not make sense and it's not very encyclopedic and has grammar mistakes:

"Other names include w32 and it is able to co-comuinicate with the Vundo trojan horse if the victum is using a rouge clone of SpyBot Search and Destroy"

W32 is not a name just for Zlob, several viruses not related to Zlob also has W32 in their names.

The part with Vundo is probably false unless someone could provide a citation. ___________________________________________________________________________________________

Anyways, researchers have "received" a message from the creator of Zlob. Shouldn't this be squeezed into the article?

The End of Zlob

Securityadvisor - Talk | Contribs 00:16, 23 January 2009 (UTC)

Clarification needed[edit]

"It prevents the user from closing the browser in the usual manner." Could probably use some clarification.

Not sure if this is too obscure to warrant a mention on the talk page. I'd have edited itself, if I knew, but I don't, and getting infected to find out doesn't seem like such a worthy investment. This is my first time using a talk page; I pre-emptively apologize for any and all mistakes in etiquette or subject.

--DominicBuch (talk) 04:21, 7 June 2010 (UTC)

Content of Article[edit]

It sounds like much of the content of this article needs to be stripped and moved to an article on PHSDL. The PHSDL article could be linked to by the Zlob article, but for now, there is more content about PHSDL in this article than Zlob. I am attempting to write a systematic series of templated articles on different malware, campaigns, and families. Much of this work will consist of disambiguation of articles like this. Please comment on changes as they are made, and let me know if you disagree. Hushedfeet (talk) 17:14, 11 April 2012 (UTC)