{
	"id": "23b0e4d8-870c-4a90-97c2-4657f0618cfe",
	"created_at": "2026-04-06T00:20:14.639069Z",
	"updated_at": "2026-04-10T03:20:03.37025Z",
	"deleted_at": null,
	"sha1_hash": "7e79084c1687aa6509eae37ed78ba1bd8d9d1d36",
	"title": "Leveraging ZeuS to send spam through social networks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 421322,
	"plain_text": "Leveraging ZeuS to send spam through social networks\r\nArchived: 2026-04-05 15:58:55 UTC\r\nMalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security,\r\ncriminology computing and information security in general, always from a perspective closely related to the\r\nfield of intelligence.\r\nLeveraging ZeuS to send spam through social networks\r\nWe were able to analyze a pack to make zombies of ZeuS at spammers through social networks. Specifically, the\r\nmodule is analyzed developed for use in Vkontakte.ru, the Russian clone of Facebook.\r\nThis crimeware has been created by someone calling himself Deex of Freedomscripts Team and sold for the\r\nmodest price of USD 100 (via WebMoney).\r\nThe pack includes several configuration files, which make it:\r\nconfig.ini: has defined the target (friends or online, although so far only seems to work the first option) and\r\npassword of the administrator control panel. When selecting friends, messages are sent to all our contacts,\r\nbut are not online at that time.\r\nmessage.txt: contains the text of the message to send.\r\ntitle.txt: contains the title of the message to send.\r\nresults.txt: here were keeping the infected user statistics (vkontakte identifier, IP and number of messages\r\nsent).\r\nwebinjects.txt: HTML code injected in the sitting of infected PCs sending spam trigger.\r\nThe contents of that file should be added (or completely replace) the file of the same name necessary to build\r\nbinaries of ZeuS, and then reconstruct the configuration file and the executable of ZeuS.\r\nOnce the victim's PC is infected with this executable as well as sending a typical ZeuS reports, will check the page\r\nyou visited and if the addition of Vkontakte.ru and be in English (does not work in other languages) , activate the\r\ninjection of code in the page, which always maintains the appearance of authenticity.\r\nhttp://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html\r\nPage 1 of 5\n\nFrom that moment, all requests are processed by the HTML page that handles getconfig.php later call to the real\r\npage to avoid suspicion, showing the user the actual content as you surf vkontakte.ru its pages; while below, sends\r\na message every time you click a link from the page js.php, as seen in the following snippet from log:\r\nThe result can be seen in the sent items, where all messages that have been sending our contacts:\r\nhttp://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html\r\nPage 2 of 5\n\nAll this is managed from a panel of independent control of ZeuS, which requires no database to run, since\r\nconfiguration and reporting are in separate text files.\r\nThe control panel is simple enough. It has a blank login page with a box to put the password that gives access to\r\nthe panel itself, with a menu of 5 options:\r\nReports: shows the result of sending spam. In our example, the ID has sent 20 messages from the specified\r\nIP.\r\nInject: shows the code injection (webinjects.txt) and links to three pages responsible for performing tasks\r\ninvolving the shipment.\r\nhttp://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html\r\nPage 3 of 5\n\nSettings: From here you can manage the configuration files to change the password and set the title and\r\nbody of the message to send. This data is stored in the configuration files mentioned above.\r\nHelp: A brief page with some indication of what this pack and the two component parts: Inject and Admin.\r\nhttp://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html\r\nPage 4 of 5\n\nLogout. To exit the control panel.\r\nIn short, this package demonstrates how easy it's to take advantage of belonging to a botnet zombies under the\r\ncontrol of ZeuS for the sending of messages through social networks.\r\nAlthough this case concerns only in the first instance, to Vkontakte.ru, adapt it to other social networks or use it\r\nfor other attacks through web pages, such as making fraudulent clicks, it would be pretty easy.\r\nRelated Information\r\nZeuS Botnet y su poder de reclutamiento zombi\r\nZeuS, spam y certificados SSL\r\nEficacia de los antivirus frente a ZeuS\r\nEspecial!! ZeuS Botnet for Dummies\r\nBotnet. Securización en la nueva versión de ZeuS\r\nFusión. Un concepto adoptado por el crimeware actual\r\nZeuS Carding World Template. (...) la cara de la botnet\r\nEntidades financieras en la mira de la botnet Zeus II\r\nEntidades financieras en la mira de la botnet Zeus I\r\nLuckySploit, la mano derecha de Zeus\r\nZeuS Botnet. Masiva propagación de su troyano II\r\nZeuS Botnet. Masiva propagación de su troyano I\r\nErnesto Martin\r\nCrimeware Researcher in Malware Intelligence\r\nSource: http://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html\r\nhttp://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"http://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html"
	],
	"report_names": [
		"leveraging-zeus-to-send-spam-through.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434814,
	"ts_updated_at": 1775791203,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7e79084c1687aa6509eae37ed78ba1bd8d9d1d36.pdf",
		"text": "https://archive.orkl.eu/7e79084c1687aa6509eae37ed78ba1bd8d9d1d36.txt",
		"img": "https://archive.orkl.eu/7e79084c1687aa6509eae37ed78ba1bd8d9d1d36.jpg"
	}
}