ZmEu (vulnerability scanner)

Last updated November 28, 2025

ZmEu is a computer vulnerability scanner which searches for web servers that are open to attack through the phpMyAdmin program,^[1]^[2]^[3] It also attempts to guess SSH passwords through brute-force methods,^[4] and leaves a persistent backdoor. It was developed in Romania and was especially common in 2012.

It is apparently named after Zmeu, a dragon-like being in Romanian folklore.^[5]

Log of a hacker running ZmEu on a webserver.

References

↑ "Fortinet®'s FortiGuard Threat Landscape Research Team Reports Four Samples of Money Making Malware to Watch for in 2013 | Fortinet". Archived from the original on August 30, 2014. Retrieved September 29, 2014.
↑ "Hacktivists Turn to ZmEu Scanning Tool to Compromise Websites, Fortinet Finds". 5 February 2013.
↑ "ZmEu attacks: Some basic forensic". 24 February 2011.
↑ "Google Code Archive - Long-term storage for Google Code Project Hosting".
↑ "Attacks by ZmEu or w00tw00t robots". 21 July 2010.

This security software article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Fortinet®'s FortiGuard Threat Landscape Research Team Reports Four Samples of Money Making Malware to Watch for in 2013 | Fortinet". Archived from the original on August 30, 2014. Retrieved September 29, 2014.

[2] "Hacktivists Turn to ZmEu Scanning Tool to Compromise Websites, Fortinet Finds". 5 February 2013.

[3] "ZmEu attacks: Some basic forensic". 24 February 2011.

[4] "Google Code Archive - Long-term storage for Google Code Project Hosting".

[5] "Attacks by ZmEu or w00tw00t robots". 21 July 2010.

[1]

[2]

[3]

[4]

[5]