
Trojan-Spy.Win32.Zbot.qgje

Posted: October 23, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 89
First Seen: October 23, 2013
Last Seen: September 9, 2023
OS(es) Affected: Windows

Trojan-Spy.Win32.Zbot.qgje is a recent variant of Zeus or Zbot, a spyware Trojan that has earned a notorious reputation for its use of flexible information-stealing attacks, including some particularly sophisticated functions that are meant to compromise bank accounts while you're accessing a relevant banking site. The most recent campaign involving Trojan-Spy.Win32.Zbot.qgje is a Pinterest spam e-mail attack, following right on the heels of a very similar Pinterest spam attack that distributed a separate Trojan:ZeroAccess/Sirefef. Pinterest users should be on the lookout for suspicious e-mail messages that may expose them to drive-by downloads for Trojan-Spy.Win32.Zbot.qgje and other high-level PC threats – and SpywareRemove.com malware experts stress the importance of using qualified anti-malware tools whenever deleting Trojan-Spy.Win32.Zbot.qgje is needed.

Trojan-Spy.Win32.Zbot.qgje and the Next Wave of Zbots Coming for Your Cash

Minor variations of Trojan Zeus, a prominent banking Trojan, are seen on a very regular basis, and Trojan-Spy.Win32.Zbot.qgje is a very clear-cut example of the trend of Zbot-based profiteering continuing to use social engineering-based attacks. This most recent Trojan-Spy.Win32.Zbot.qgje campaign uses spam e-mail messages that target random individuals, with the messages formatted to look almost identical to a legitimate Pinterest e-mail confirmation. Victims who click the confirmation button will be redirected to a compromised site hosting multiple software exploits.

Malware experts have been able to confirm that these exploits are JavaScript-based; as such, disabling JavaScript (or not having it installed at all) can provide a fair degree of protection from the Trojan-Spy.Win32.Zbot.qgje-installing attack. However, vulnerable computers may be infected with Trojan-Spy.Win32.Zbot.qgje and one other type of threat, which is currently identified by heuristic labels and has an unidentified payload.

Of course, all versions of Zeus are especially known for their 'man in the middle' style browser attacks, which are capable of intercepting confidential information and may request additional information with the requests disguised as safe website content. Online bank account users are particularly vulnerable to Trojan-Spy.Win32.Zbot.qgje, but Trojan-Spy.Win32.Zbot.qgje also may be used to attack other types of information, such as phone numbers or e-mail addresses.

Keeping the Spies from Flying Straight to Your Finances

Besides the usual JavaScript-related precautions, avoiding suspicious Pinterest e-mail messages should be taken for granted as the easiest way to keep Trojan-Spy.Win32.Zbot.qgje from clambering onto your PC – and it's worth noting that Trojan-Spy.Win32.Zbot.qgje isn't the only Trojan seen using Pinterest spam to attack arbitrary computers this month. If you're in doubt about whether a link is legitimate, always visit the relevant website directly instead of trusting a link from a potentially unsafe source.

Trojan-Spy.Win32.Zbot.qgje attacks are designed for stealing your personal information while showing as few symptoms as possible to accomplish their goals. Because Trojan-Spy.Win32.Zbot.qgje is a high-level PC threat with an emphasis on advanced stealth features, SpywareRemove.com malware researchers can recommend nothing less than high-quality, up-to-date anti-malware products for removing Trojan-Spy.Win32.Zbot.qgje from your PC. Until anti-malware tools have examined your computer, you should assume that your PC is potentially compromised by Trojan-Spy.Win32.Zbot.qgje after any contact with its website – even if you don't see any evidence of an ongoing attack.

Technical Details

Additional Information

The following URLs were detected: