Wednesday, June 15, 2011

Incident Analysis: Million Dollars Lost In A Minute

Dudes, two other fellows and I have dealt with an incident in which a victim's online banking account was compromised and a huge lump sum was transferred out to Eastern Europe. In fact, the victim was still using an old two-factor authentication token, which means the generated passcode cannot be identified as being for authentication, a money transfer to a specific account, a bill payment, etc.; that is exactly what the attacker manipulates. Please download it from here.
Enjoy it, mate ;-)
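To make the token point concrete, here is an added illustration (my own example code, not from the incident write-up or from any token vendor): a plain event-based OTP (RFC 4226 HOTP) compared with a transaction-bound variant in which the passcode also covers the payee and amount. The seed, counter, payee names and amount are constructed demo values, and `transaction_bound_otp`, `bank_accepts_legacy`, `bank_accepts_bound` and `diverted_transfer_accepted` are hypothetical names for this sketch, not a real bank's API.

```python
import hashlib
import hmac
import struct

# Constructed demo values; a real token carries a per-device seed provisioned by the bank.
DEMO_SEED = b"demo-seed-not-a-real-token-secret"
DEMO_COUNTER = 42
INTENDED_PAYEE = "ACME-UTILITIES-0001"   # the account the customer meant to pay
DIVERTED_PAYEE = "MULE-ACCOUNT-9999"     # the account the altered transfer names instead
AMOUNT_CENTS = 1_000_000_00              # one million dollars, in cents


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically
    truncated to a 31-bit integer and reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def legacy_otp(secret: bytes, counter: int) -> str:
    """Old-style event token: the passcode depends only on the counter.
    Nothing in it says whether it was meant for a login, a transfer, or a bill."""
    return hotp(secret, counter)


def transaction_bound_otp(secret: bytes, counter: int, payee: str, amount_cents: int) -> str:
    """Transaction-signing token (hypothetical scheme): the transaction details are
    mixed into the key before HOTP, so the passcode only verifies for that exact
    payee and amount. Real signing tokens achieve the same binding with a challenge
    the customer types in, or a display that shows the payee before signing."""
    context = f"transfer|{payee}|{amount_cents}".encode()
    bound_secret = hmac.new(secret, context, hashlib.sha256).digest()
    return hotp(bound_secret, counter)


def bank_accepts_legacy(secret: bytes, counter: int, code: str, payee: str, amount_cents: int) -> bool:
    """Server-side check for the legacy token. `payee` and `amount_cents` are unused:
    the bank has no way to tie the code to the transfer it arrives with."""
    return hmac.compare_digest(legacy_otp(secret, counter), code)


def bank_accepts_bound(secret: bytes, counter: int, code: str, payee: str, amount_cents: int) -> bool:
    """Server-side check for the transaction-bound token: recompute over the transfer
    as submitted, so any change to payee or amount makes the recomputation differ."""
    return hmac.compare_digest(transaction_bound_otp(secret, counter, payee, amount_cents), code)


def diverted_transfer_accepted(bound: bool) -> bool:
    """The customer generates a passcode for the intended transfer, but the transfer
    that reaches the bank names a different payee. Returns whether the bank accepts it."""
    if bound:
        code = transaction_bound_otp(DEMO_SEED, DEMO_COUNTER, INTENDED_PAYEE, AMOUNT_CENTS)
        return bank_accepts_bound(DEMO_SEED, DEMO_COUNTER, code, DIVERTED_PAYEE, AMOUNT_CENTS)
    code = legacy_otp(DEMO_SEED, DEMO_COUNTER)
    return bank_accepts_legacy(DEMO_SEED, DEMO_COUNTER, code, DIVERTED_PAYEE, AMOUNT_CENTS)


if __name__ == "__main__":
    print("legacy token, payee altered -> accepted:", diverted_transfer_accepted(bound=False))
    print("bound token,  payee altered -> accepted:", diverted_transfer_accepted(bound=True))
```

The legacy check passes for the altered transfer because the six digits carry no information about what they authorize; the bound check fails because the bank recomputes the code over the payee it actually received. This is the difference between "something you have" proving you hold the token and a signing token proving you approved this particular transfer.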


  1. The analysis has been updated. We have found that the .zlg file extension is used by software called e-Surveiller, which simply records user activities (keystrokes, screen captures, etc.) and sends them to a remote site via FTP.

  2. Other malware has been reported that connected to the same C&C, "g r e a t h e l l . r u".

    C&C information recorded in MalwareGroup