ZeuS/ZBot

Posted: April 5, 2012

Threat Metric

Ranking: 2,230
Threat Level: 2/10
Infected PCs: 319
First Seen: April 5, 2012
Last Seen: March 9, 2025
OS(es) Affected: Windows

ZeuS/ZBot, AKA the notorious Zeus Trojan, is an updated variant of the Gameover Trojan and is involved in attacks that steal private information as well as allow criminals to access your PC. This Trojan has been in distribution for years, but its latest techniques for enabling the infection of new computers involve spam e-mail messages that claim to be from the US Airways company. This spam provides a link to a hostile site that hosts a Blackhole Exploit Kit, which installs a Trojan downloader that, in its own attack, finally installs ZeuS/ZBot. Although ZeuS/ZBot is difficult to detect and can even steal extremely sensitive information such as account passwords, SpywareRemove.com malware researchers are somewhat pleased to note that avoiding the initial ZeuS/ZBot infection is as simple as practicing good e-mail safety behavior and having competent anti-malware software to detect these attacks before ZeuS/ZBot can be installed. Since all currently known variants of ZeuS/ZBot (for example, the Gameover Trojan) are also noted for their ability to inject code into normal processes, deleting ZeuS/ZBot without assistance from the software noted above should be considered only as a last resort, if even that.

ZeuS/ZBot: Flying to Your E-mailbox for the Worst of Reasons

ZeuS/ZBot, as a Trojan with a complex and lengthy history as far as PC threats go, can be (and has been) distributed in quite a few different ways, with many of its distribution methods involving fraudulent e-mail links. The latest ZeuS/ZBot attack uses a fake US Airways e-mail containing a link to a hostile site as a fake offering of details about an online flight reservation. Since this e-mail includes a confirmation code, noted expenses, a MasterCard reference and other tidbits that make it appear to be legitimate, it can be easy for victims to click on the link mistakenly – but the cost of your trust is immediate infection by ZeuS/ZBot.

ZeuS/ZBot or Zeus Trojan isn't the only PC threat that's involved in this attack since ZeuS/ZBot is installed by a separate Trojan downloader that uses a randomly-named .exe file, which is, itself, enabled by Java, Flash and Adobe Reader-based browser exploits. As these exploits are common means of browser-based attacks, SpywareRemove.com malware researchers heartily recommend that you disable all of the above features when you're viewing suspicious or potentially dangerous websites. However, as long as you delete this spam e-mail without clicking the provided link, you should shut off this avenue of approach for ZeuS/ZBot.
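The lure described above claims to be from US Airways while its link leads somewhere else, and that mismatch is something a mail filter can check before anyone clicks. The following Python sketch is an added example, not code from SpywareRemove.com: the sample message, the `.example` hosts and the `usairways.com` allow-list entry are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains each claimed brand legitimately links to.
BRAND_DOMAINS = {"US Airways": {"usairways.com"}}

# Constructed sample message, modelled on the lure described in the text.
SAMPLE = """\
From: "US Airways" <reservations@mailer.example>
To: user@example.org
Subject: US Airways online reservation details
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Confirmation code: 000000</p>
<a href="http://flight-details.example/index.html">View reservation</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the host name of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def brand_link_mismatches(raw):
    """Return (brand, host) pairs where a claimed brand links off-domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    claimed = f"{msg['From']} {msg['Subject']}".lower()
    collector = LinkCollector()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector.feed(body.get_content())
    return [(brand, host)
            for brand, domains in BRAND_DOMAINS.items()
            if brand.lower() in claimed
            for host in collector.hosts
            if not any(under(host, d) for d in domains)]
```

A non-empty result is a reason to quarantine the message for review; it does not prove the link is hostile, and an empty result does not prove the message is safe.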

Looking at the Unsightly Destination That ZeuS/ZBot Wants You Headed Towards

ZeuS/ZBot, like any self-respecting type of spyware Trojan, uses various methods to obfuscate its presence and make its attacks unnoticeable on your computer. These techniques include injecting its code into normal system processes; SpywareRemove.com malware researchers recommend leaving the deletion of this injected code to your choice of anti-malware software. As a sophisticated backdoor Trojan and spyware-based PC threat, ZeuS/ZBot can be used for any or all of the following acts of aggression:

  • Allowing criminals to control your PC via a backdoor vulnerability.
  • Using multiple methods to monitor, steal and transmit personal information (such as program-linked passwords or bank account details) to third parties.
  • Infecting .exe files, especially those on removable or network-based drives, so that ZeuS/ZBot can be distributed to other computers automatically.

Since ZeuS/ZBot is designed, first and foremost, as a thief of personal information, the SpywareRemove.com malware research team suggests contacting your bank, changing your account passwords and making other security alterations after you've removed ZeuS/ZBot from your PC. Failing to do this may result in compromised accounts and other attacks in the future even if ZeuS/ZBot has been deleted.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to ZeuS/ZBot may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Additional Information

The following URLs were detected:
pinghauz.xyz