A group of French researchers known as 'Malware Analysis & Diagnostic' picked up on a Win32/Zlob variant which contained a follow up to a blog post we made in October. It’s interesting that the malware author confirmed that he’s in Russia, and it warms my heart that they’re “closing soon”.
For Windows Defender's Team:
I saw your post in the blog (10-Oct-2008) about my previous message.
Just want to say 'Hello' from Russia.
You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast.
I can't sign here now (he-he, sorry), how it was some years ago for more seriously vulnerability for all Windows 😉
Happy New Year, guys, and good luck!
P.S. BTW, we are closing soon. Not because of your work. :-))
So, you will not see some of my great 😉 ideas in that family of software.
Try to search in exploits/shellcodes and rootkits.
Also, it is funny (probably for you), but Microsoft offered me a job to help improve some of Vista's protection. It's not interesting for me, just a life's irony.
Considering the enormous amount of malware we go through every day, it can be difficult to track follow up samples like this. It's very comforting to know that there are lots of others out there helping us research malware and disclose interesting findings.
Je vous remercie de l'avoir trouvé!