TSPY_ZBOT.JMO

TSPY_ZBOT.JMO Description

TSPY_ZBOT.JMO is a Zeus or Zbot variant that, like all members of its family, steals bank-related credentials from the PCs that TSPY_ZBOT.JMO infects – typically to use to allow criminals to break into these accounts at a later date. While PC threats that are similar to TSPY_ZBOT.JMO can be distributed by a multitude of methods, TSPY_ZBOT.JMO’s distribution is, so far, limited to a fake European football (or soccer) site that mimics the UEFA’s website. Since TSPY_ZBOT.JMO’s installation is handled by the Trojan downloader TROJ_DLOADR.BGV and the same website also distributes TROJ_FAKEAV.HUU (a WinWebSec variant of fake anti-malware software), SpywareRemove.com malware researchers recommend thorough anti-malware scans for removing both TSPY_ZBOT.JMO and related PC threats. Despite the high level of danger in TSPY_ZBOT.JMO’s attacks, it will be only few or no symptoms of a TSPY_ZBOT.JMO infection, although you are highly likely to experience malfunctions in security-related applications.

How TSPY_ZBOT.JMO Kicks Your Personal Info Straight Over to Criminals

TSPY_ZBOT.JMO is a spyware Trojan or banking Trojan that’s based on the Win32/Zbot or ZeuS family. As a recently-detected variant from this family, TSPY_ZBOT.JMO has the best chance of being detected by anti-malware programs that are using updated threat databases, although heuristic detection methods may also suffice (especially if TSPY_ZBOT.JMO is disabled during the scan). TSPY_ZBOT.JMO and closely-related forms of spyware are particularly infamous for being designed to steal information from online bank accounts by monitoring browser forms, redirecting victims to copycat phishing sites and similar techniques that use high levels of sophistication to avoid detection.

TSPY_ZBOT.JMO was recently caught being indirectly-distributed at a fake UEFA site, [censored]uro2012.com, which installs TROJ_DLOADR.BGV and the scamware product Security Shield. The former of these two PC threats then installs TSPY_ZBOT.JMO, and SpywareRemove.com malware experts note that there are unlikely to be obvious symptoms of any of these attacks, with the exception of fake security warnings from Security Shield. You can defend against this fake Union of European Football Associations website and similar browser-exploiting PC threats by using strong browser security, such as disabling scripts, although SpywareRemove.com malware experts don’t recommend doing so in lieu of having actual anti-malware software.

The Security That Can Beat TSPY_ZBOT.JMO Even When Your PC’s Security is Under Attack

In addition to its bank information-related attacks, TSPY_ZBOT.JMO may also be used for other attacks that are typical for the Zeus Trojan family. SpywareRemove.com malware researchers suggest watching for the following issues as symptomatic of a TSPY_ZBOT.JMO infection:

• Disabled firewall programs, with or without the presence of pop-up alerts that display fake security information about these programs being corrupted.
• A variety of browser settings that are changed in the system Registry. These changes disable default protection against phishing sites, cookie-analyzing attacks, warnings against data submission to malicious sites and similar defenses.
• Backdoor exploits that can be used for a range of malicious purposes, such as rebooting your PC, installing harmful software or changing your browser’s homepage.

Lastly, SpywareRemove.com malware analysts also note that TSPY_ZBOT.JMO may also steal information from other entities besides banks. Other targets of note include online poker sites, e-mail clients and FTP programs.

TSPY_ZBOT.JMO Automatic Detection Tool (Recommended)

Technical Details

Home Malware ProgramsTrojans TSPY_ZBOT.JMO