
ZeuS/ZBot

Posted: April 5, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 54
First Seen: April 5, 2012
OS(es) Affected: Windows

ZeuS/ZBot, AKA the notorious Zeus Trojan, is an updated variant of the Gameover Trojan and is involved in attacks that steal private information as well as allow criminals to access your PC. This Trojan has been in distribution for years, but its latest techniques for enabling the infection of new computers involve spam e-mail messages that claim to be from the US Airways company. This spam provides a link to a hostile site that hosts a Blackhole Exploit Kit, which installs a Trojan downloader that, in its own attack, finally installs ZeuS/ZBot. Although ZeuS/ZBot is difficult to detect and can even steal extremely sensitive information such as account passwords, SpywareRemove.com malware researchers are somewhat pleased to note that avoiding the initial ZeuS/ZBot infection is as simple as practicing good e-mail safety behavior and having competent anti-malware software to detect these attacks before ZeuS/ZBot can be installed. Since all currently known variants of ZeuS/ZBot (for example, the Gameover Trojan) are also noted for their ability to inject code into normal processes, deleting ZeuS/ZBot without assistance from the software noted above should be considered only as a last resort, if even that.

ZeuS/ZBot: Flying to Your E-mailbox for the Worst of Reasons

ZeuS/ZBot, as a Trojan with a complex and lengthy history as far as PC threats go, can be (and has been) distributed in quite a few different ways, with many of its distribution methods involving fraudulent e-mail links. The latest ZeuS/ZBot attack uses a fake US Airways e-mail containing a link to a hostile site, presented as a way to view the details of an online flight reservation. Since this e-mail includes a confirmation code, noted expenses, a MasterCard reference and other tidbits that make it appear to be legitimate, it can be easy for victims to click on the link by mistake, but the cost of that trust is immediate infection by ZeuS/ZBot.

ZeuS/ZBot or Zeus Trojan isn't the only PC threat that's involved in this attack since ZeuS/ZBot is installed by a separate Trojan downloader that uses a randomly-named .exe file, which is, itself, enabled by Java, Flash and Adobe Reader-based browser exploits. As these exploits are common means of browser-based attacks, SpywareRemove.com malware researchers heartily recommend that you disable all of the above features when you're viewing suspicious or potentially dangerous websites. However, as long as you delete this spam e-mail without clicking the provided link, you should shut off this avenue of approach for ZeuS/ZBot.
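The lure described above works because the message text looks legitimate; the one thing it cannot hide is where its link actually points. The following is an added example, not code from SpywareRemove.com or from the original article: it triages a constructed sample message (the sender address, confirmation code, amount and link host are all invented) and flags any link whose host is not under the domain the From header claims.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real message) mimicking the lure described above:
# plausible reservation details, and a link that leads off the sender's domain.
SAMPLE_EMAIL = """\
From: "US Airways - Reservations" <reservations@usairways.example>
Subject: Your Flight N4212 online reservation
Content-Type: text/html

<html><body>
<p>Confirmation code: <b>ABC123</b>. Total: $419.00, charged to MasterCard ****4211.</p>
<p><a href="http://reservation-details.example/flight/info.php?id=0172">
Online reservation details</a></p>
</body></html>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)
BARE_URL_RE = re.compile(r'https?://[^\s<>"\']+', re.I)
LURE_TERMS = ("confirmation code", "reservation", "mastercard", "charged", "total")

def _body_text(msg):
    """Concatenate the decoded text parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in parts if p.get_content_maintype() == "text")

def extract_urls(msg_text):
    """All URLs in the body, from HTML hrefs and bare links, de-duplicated."""
    body = _body_text(message_from_string(msg_text))
    return sorted(set(HREF_RE.findall(body)) | set(BARE_URL_RE.findall(body)))

def under_domain(host, domain):  # host is the domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

def triage(msg_text):
    """Flag links whose host is not under the domain the From header claims.
    A spoofed From header is exactly what the lure pretends to be, so a link
    pointing anywhere else is the tell, however legitimate the wording looks."""
    msg = message_from_string(msg_text)
    claimed = parseaddr(msg.get("From", ""))[1].split("@")[-1].lower()
    body = _body_text(msg).lower()
    mismatched = [u for u in extract_urls(msg_text)
                  if not under_domain((urlparse(u).hostname or "").lower(), claimed)]
    return {"claimed_domain": claimed,
            "mismatched_links": mismatched,
            "lure_terms": [t for t in LURE_TERMS if t in body],
            "verdict": "suspicious" if mismatched else "no link mismatch"}
```

Running `triage(SAMPLE_EMAIL)` reports every lure term present and still marks the message suspicious, because the only link leaves the claimed domain.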

Looking at the Unsightly Destination That ZeuS/ZBot Wants You Headed Towards

ZeuS/ZBot, like any self-respecting type of spyware Trojan, uses various methods to obfuscate its presence and make its attacks unnoticeable on your computer. These techniques include injecting its code into normal system processes, which is why SpywareRemove.com malware researchers recommend removing it with the anti-malware software of your choice. As a sophisticated backdoor Trojan and spyware-based PC threat, ZeuS/ZBot can be used for any or all of the following acts of aggression:

  • Allowing criminals to control your PC via a backdoor vulnerability.
  • Using multiple methods to monitor, steal and transmit personal information (such as program-linked passwords or bank account details) to third parties.
  • Infecting .exe files, especially those on removable or network-based drives, so that ZeuS/ZBot can be distributed to other computers automatically.

Since ZeuS/ZBot is designed, first and foremost, as a thief of personal information, the SpywareRemove.com malware research team suggests contacting your bank, changing your account passwords and making other security alterations after you've removed ZeuS/ZBot from your PC. Failing to do this may result in compromised accounts and other attacks in the future, even if ZeuS/ZBot has been deleted.
