TSPY_ZBOT.JMO is a Zeus or Zbot variant that, like all members of its family, steals bank-related credentials from the PCs that TSPY_ZBOT.JMO infects – typically to use to allow criminals to break into these accounts at a later date. While PC threats that are similar to TSPY_ZBOT.JMO can be distributed by a multitude of methods, TSPY_ZBOT.JMO’s distribution is, so far, limited to a fake European football (or soccer) site that mimics the UEFA’s website. Since TSPY_ZBOT.JMO’s installation is handled by the Trojan downloader TROJ_DLOADR.BGV and the same website also distributes TROJ_FAKEAV.HUU (a WinWebSec variant of fake anti-malware software), SpywareRemove.com malware researchers recommend thorough anti-malware scans for removing both TSPY_ZBOT.JMO and related PC threats. Despite the high level of danger in TSPY_ZBOT.JMO’s attacks, it will be only few or no symptoms of a TSPY_ZBOT.JMO infection, although you are highly likely to experience malfunctions in security-related applications.
How TSPY_ZBOT.JMO Kicks Your Personal Info Straight Over to Criminals
TSPY_ZBOT.JMO is a spyware Trojan or banking Trojan that’s based on the Win32/Zbot or ZeuS family. As a recently-detected variant from this family, TSPY_ZBOT.JMO has the best chance of being detected by anti-malware programs that are using updated threat databases, although heuristic detection methods may also suffice (especially if TSPY_ZBOT.JMO is disabled during the scan). TSPY_ZBOT.JMO and closely-related forms of spyware are particularly infamous for being designed to steal information from online bank accounts by monitoring browser forms, redirecting victims to copycat phishing sites and similar techniques that use high levels of sophistication to avoid detection.
TSPY_ZBOT.JMO was recently caught being indirectly-distributed at a fake UEFA site, [censored]uro2012.com, which installs TROJ_DLOADR.BGV and the scamware product Security Shield.
The Security That Can Beat TSPY_ZBOT.JMO Even When Your PC’s Security is Under Attack
In addition to its bank information-related attacks, TSPY_ZBOT.JMO may also be used for other attacks that are typical for the Zeus Trojan family. SpywareRemove.com malware researchers suggest watching for the following issues as symptomatic of a TSPY_ZBOT.JMO infection:
- Disabled firewall programs, with or without the presence of pop-up alerts that display fake security information about these programs being corrupted.
- A variety of browser settings that are changed in the system Registry. These changes disable default protection against phishing sites, cookie-analyzing attacks, warnings against data submission to malicious sites and similar defenses.
- Backdoor exploits that can be used for a range of malicious purposes, such as rebooting your PC, installing harmful software or changing your browser’s homepage.
Lastly, SpywareRemove.com malware analysts also note that TSPY_ZBOT.JMO may also steal information from other entities besides banks. Other targets of note include online poker sites, e-mail clients and FTP programs.
TSPY_ZBOT.JMO Automatic Detection Tool (Recommended)
Is your PC infected with TSPY_ZBOT.JMO? To safely & quickly detect TSPY_ZBOT.JMO, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect TSPY_ZBOT.JMO What happens if TSPY_ZBOT.JMO does not let you open SpyHunter or blocks the Internet?
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
Posted: June 28, 2012 | By SpywareRemove
Threat Level: 9/10
Rate this article:
Detection Count: 23