TSPY_ZBOT.SMQH
Posted: October 25, 2011
Threat Metric
The fields listed on the Threat Meter that contain a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 73 |
| First Seen: | October 25, 2011 |
| OS(es) Affected: | Windows |
TSPY_ZBOT.SMQH is a new version of the spyware and backdoor Trojan Zeus (also known by the name Keylogger Zeus) that conceals its presence and steals private information such as bank login-related data. Although TSPY_ZBOT.SMQH was only distributed in a temporary string of spam e-mail attacks that targeted Australia-based e-mail addresses, SpywareRemove.com malware analysts have found evidence that TSPY_ZBOT.SMQH could be distributed to other regions in the future. If you've accessed a link from a fake Australian Taxation Office e-mail message, your PC may be infected by TSPY_ZBOT.SMQH, as well as by a related BlackHole Exploit Kit. These infections can result in account break-ins and other attacks that steal personal info and reduce your computer's security so that criminals can control it from external servers. Since TSPY_ZBOT.SMQH is a fairly new PC threat, it's strongly suggested that you update your anti-malware software, before you try to remove TSPY_ZBOT.SMQH with a system scan that analyzes all components of your PC.
TSPY_ZBOT.SMQH – the Latest Update to a Familiar Spy
TSPY_ZBOT.SMQH is just a new and upgraded version of Keylogger Zeus. Although older variants of Zeus have already stolen millions of dollars from online bank accounts, the younger TSPY_ZBOT.SMQH adds some extra safeguards to make its attacks even sneakier: TSPY_ZBOT.SMQH uses UDP ports instead of HTML-based methods of receiving configuration files, adds several other stealth improvements and retains all of the original Keylogger Zeus's functions. Attacks from TSPY_ZBOT.SMQH can be changed by different sets of instructions, but the most common TSPY_ZBOT.SMQH dangers that SpywareRemove.com malware analysts have noted include:
- Stolen keyboard-based information (essentially, anything that you type, including passwords).
- Stolen login information for financial websites; TSPY_ZBOT.SMQH can be instructed specifically to search for this information on particular websites and in specific files, instead of trying to glean it from your general typing.
- Stolen information from specific types of money-transferal programs, particularly WebMoney Keeper Classic.
You may not see obvious symptoms of a TSPY_ZBOT.SMQH attack, and to make matters even worse than they were, TSPY_ZBOT.SMQH's propagation method also includes BlackHole Exploit Kit infections. BlackHole Exploit Kits can be used to install other types of harmful software and hack away at your computer's security settings. Changes to your firewall or network ports should be noted as possible signs of infection by TSPY_ZBOT.SMQH, a BlackHole Exploit Kit or other types of backdoor Trojans.
Keeping Yourself Clean of TSPY_ZBOT.SMQH
All currently-recorded TSPY_ZBOT.SMQH infections that SpywareRemove.com malware experts have confirmed have taken place due to contact with a late September 2011 spam e-mail link that infected the PC with TSPY_ZBOT.SMQH and a BlackHole Exploit Kit. This e-mail message pretended to be a message from the Australian Taxation Office, and has, so far, only targeted Australia. Similar attacks may also occur for other countries, however, and if you've clicked such a link, you should immediately enact safety measures to prevent TSPY_ZBOT.SMQH from stealing any information or money that TSPY_ZBOT.SMQH can snatch.
Because of the sophisticated nature of TSPY_ZBOT.SMQH and BlackHole Exploit Kits, manual deletion isn't considered ideal and may even harm Windows if done in an improper manner. SpywareRemove.com malware experts strongly recommend that you run anti-malware tools in Safe Mode to remove TSPY_ZBOT.SMQH with all due efficiency. Afterwards, changing all passwords and similar forms of security-related information may be helpful to prevent account break-ins and other attacks.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
file.exe
File name: file.exe
Size: 175.1 KB (175104 bytes)
MD5: fb7ac5ee4d90edd9b4f3c0cdab57a071
Detection count: 46
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 2, 2011
file.exe
File name: file.exe
Size: 158.2 KB (158208 bytes)
MD5: d15467e6bec5b7c7c8625773c7abe928
Detection count: 45
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 2, 2011
file.exe
File name: file.exe
Size: 157.69 KB (157696 bytes)
MD5: bc580fb702455f3c40fce5a142171d3f
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 2, 2011
file.exe
File name: file.exe
Size: 178.17 KB (178176 bytes)
MD5: a5b4b95bfe10aa40abab7a3e0a17eab1
Detection count: 43
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 2, 2011
file.exe
File name: file.exe
Size: 177.66 KB (177664 bytes)
MD5: f7742c9a69790ead1552faf5171c1e90
Detection count: 42
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 2, 2011
%User Profile%\Application Data\[RANDOM CHARACTERS]
File name: %User Profile%\Application Data\[RANDOM CHARACTERS]
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\[RANDOM CHARACTERS]
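A read-only triage sketch for the file indicators listed above, added here as an example and not code from SpywareRemove.com or SpyHunter: it hashes every file under the Application Data folder against the MD5 values on this page and, because the dropped folder name is random, also reports any file there that starts with a PE header. The function names and reason labels are assumptions of this example.

```python
import hashlib
import os
import tempfile

# MD5 values copied from the file list on this page.
PAGE_MD5S = {
    "fb7ac5ee4d90edd9b4f3c0cdab57a071",
    "d15467e6bec5b7c7c8625773c7abe928",
    "bc580fb702455f3c40fce5a142171d3f",
    "a5b4b95bfe10aa40abab7a3e0a17eab1",
    "f7742c9a69790ead1552faf5171c1e90",
}

def md5_of(path, chunk=1 << 16):
    """Hash in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def is_pe(path):
    """True if the file starts with the 'MZ' magic, whatever its extension."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def triage(appdata_root, known_md5s=PAGE_MD5S):
    """Return (path, reason) findings for files under appdata_root."""
    findings = []
    for folder, _dirs, files in os.walk(appdata_root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if md5_of(path) in known_md5s:
                    findings.append((path, "md5-match"))
                elif is_pe(path):
                    # Hypothetical label: a lead for review, not a verdict.
                    findings.append((path, "executable-in-appdata"))
            except OSError:
                findings.append((path, "unreadable"))  # locked or access denied
    return findings

if __name__ == "__main__":
    # Falls back to the temp directory when APPDATA is not set (non-Windows).
    root = os.environ.get("APPDATA", tempfile.gettempdir())
    for path, reason in triage(root):
        print(f"{reason}\t{path}")
```

Legitimate software also keeps executables under Application Data, so an `executable-in-appdata` finding is a starting point for review; only `md5-match` corresponds to a sample recorded on this page.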