
TSPY_ZBOT.ADD

Posted: August 21, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 28
First Seen: August 21, 2013
Last Seen: May 8, 2022
OS(es) Affected: Windows

TSPY_ZBOT.ADD is a variant of the banking Trojan Zeus. It includes all of the expected attacks for stealing bank account data, along with a new distribution technique involving a second Trojan (identified as TSPY_FAREIT.ADI) and tax-themed e-mail spam. Because TSPY_ZBOT.ADD shows only the symptoms that are necessary for stealing your personal information, and because its distribution strategy tricks the victim into thinking that they're downloading something else entirely, a TSPY_ZBOT.ADD infection may easily compromise a bank account while leaving you oblivious... until your money begins to disappear. Anti-malware software and good Web-browsing habits continue to be your best defenses against spyware like TSPY_ZBOT.ADD and TSPY_FAREIT.ADI, which SpywareRemove.com malware experts classify as high-level PC threats.

When a Browser Attack is Included in Your Tax Returns

TSPY_ZBOT.ADD is one of the newer versions of the Zeus Trojan confirmed to be distributed in the wild, and its infection vector is a multiple-stage attack that starts at your digital mailbox. Spam e-mail messages recently sent out to various targets in the UK claimed to be notifications of successful VAT (Value-Added Tax) return forms, with additional information provided in an enclosed ZIP attachment. Of course, this ZIP file actually is a Trojan dropper that installs TSPY_FAREIT.ADI, a backdoor Trojan and spyware program that steals information (from Web browsers, FTP clients and other programs) while also opening a backdoor for further attacks. Even alone, TSPY_FAREIT.ADI is a serious security hazard, but SpywareRemove.com malware researchers also confirmed TSPY_FAREIT.ADI's installation of a second Trojan: TSPY_ZBOT.ADD.

TSPY_ZBOT.ADD is a Trojan that uses Man-in-the-browser attacks to intercept your Web browser communications whenever you visit one of a list of pre-specified banking websites. However, TSPY_ZBOT.ADD isn't limited to monitoring and stealing information passively; it also may take an active role in its thefts. By injecting malicious Web content into your browser, TSPY_ZBOT.ADD can request further information, which it then steals. These requests are formatted to look like additional security procedures from the bank website.

SpywareRemove.com malware researchers stress that these changes only take place within your PC and do not affect the bank website. Thus, PC users who don't catch TSPY_ZBOT.ADD in time may find that their accounts are subjected to fraudulent cash transfers and other issues before the bank has any clue of a potential problem.

Adding Safety from TSPY_ZBOT.ADD to Your Online Banking Habits

Detecting and deleting TSPY_ZBOT.ADD or its fellow Fareit Trojan will require using anti-malware programs, since both of these PC threats include advanced defenses against casual deletion and often will not show any symptoms at all. Above all else, avoiding the infection vectors responsible for TSPY_ZBOT.ADD's attacks will keep your PC as safe as possible, and British residents should be especially on the watch for tax-themed e-mail spam reminiscent of TSPY_ZBOT.ADD's attack campaign.

As a parting note, SpywareRemove.com malware researchers also mention that ZIP-packaged file attachments are one of the most common vehicles for transferring malware to new computers due to the minor protection provided by archive-based file obfuscation. However, suitably competent anti-malware utilities shouldn't have any problems detecting PC threats related to TSPY_ZBOT.ADD, regardless of whether they're zipped or unzipped.
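The archive-based obfuscation described above can be countered at the mail gateway by inspecting what is inside a ZIP attachment instead of trusting its name. The following Python code is an added example, not code from SpywareRemove.com: the extension list, the function names and the sample message are assumptions constructed for illustration, and the page does not state which file the VAT-themed ZIP contained.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly runnable on Windows (not from the page).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def risky_zip_members(raw_email: bytes) -> dict:
    """Map each ZIP attachment name to the risky member names found inside it."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Identify ZIPs by content, not by the declared MIME type or file name.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        hits = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Only the final extension counts: "x.pdf.exe" is an executable.
                member = info.filename.lower().rstrip(". ")
                if member.endswith(RISKY_EXT):
                    hits.append(info.filename)
                if info.flag_bits & 0x1:  # encrypted member: cannot be scanned
                    hits.append(info.filename + " (encrypted)")
        if hits:
            findings[name] = hits
    return findings

def build_sample() -> bytes:
    """Constructed sample: harmless placeholder bytes in a double-extension member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("VAT_return.pdf.exe", b"placeholder, not a real program")
        zf.writestr("readme.txt", b"constructed test data")
    msg = EmailMessage()
    msg["Subject"] = "Constructed tax-themed subject"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Constructed message body.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="VAT_sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_zip_members(build_sample()))
```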

Technical Details

File System Modifications


The following files were created in the system:



File name: VAT_7808740.zip
Mime Type: unknown/zip
Group: Malware file

Additional Information

The following messages were detected:
# Message
1 "Thank you for sending your VAT Return online. The submission for reference 7809740 was successfully received on Wed, 24 July 2013 08:38:54 +0100 and is being processed. Make VAT Returns is just one of the many online services we offer that can save you time and paperwork," the bogus emails read.
