
TSPY_ZBOT.FAZ

Posted: August 24, 2011

TSPY_ZBOT.FAZ is a worm from the Trojan.Zbot (or Win32/Zbot) family, a collection of worms that steal passwords and create serious security risks on infected computers. What sets TSPY_ZBOT.FAZ apart from its kin is its tendency to spread through exceptionally convincing spam messages that imitate Facebook friend requests. Any attempt to accept one of these requests will send you to a fake Flash update that is actually TSPY_ZBOT.FAZ, which will proceed to violate your computer's security and try to steal personal information. Additional attacks may also occur, depending on the configuration instructions that TSPY_ZBOT.FAZ receives from external sources. Although TSPY_ZBOT.FAZ is an extremely dangerous infection for any Windows PC, detecting and deleting TSPY_ZBOT.FAZ should be left to an anti-malware program, ideally one that's equipped with the latest available updates for its threat definitions database.

How to Tell When TSPY_ZBOT.FAZ Comes Knocking at Your Virtual Door

TSPY_ZBOT.FAZ spam messages look very similar to normal Facebook messages, and use the same white-and-blue format along with a spoofed sender field that makes it look like Facebook is the actual sender. However, the telltale sign that all isn't right comes when you try to accept the friend request: the spam message will send you to a Facebook-clone website that supposedly requires a Flash update. If you simply avoid downloading Flash updates from sources that aren't officially linked to Adobe Flash, you should be able to avoid a TSPY_ZBOT.FAZ infection by this method.

As a Zbot worm, similar to PWS:Win32/Zbot.QV, PWS:Win32/Zbot.FAR, PWS:Win32/Zbot.ZL, PWS:Win32/Zbot.L, PWS:Win32/Zbot.gen!AD, PWS:Win32/Zbot.FZ, PWS:Win32/Zbot.GM or PWS:Win32/Zbot.RR, TSPY_ZBOT.FAZ can also use traditional worm strategies to infect a new PC. TSPY_ZBOT.FAZ may attempt to copy itself to network-shared locations or to a removable hard drive. Any computers that access these locations may also suffer from TSPY_ZBOT.FAZ infection, even if they don't intentionally interact with any files there. Basic worm infiltration techniques may also conceal TSPY_ZBOT.FAZ's files from sight, and you shouldn't expect to be able to detect TSPY_ZBOT.FAZ unless you have an anti-malware program to do so.

Should You Accept This Venomous Friend into Your Fold...

Although TSPY_ZBOT.FAZ can be adjusted and tweaked to cause many different problems for your computer, the SpywareRemove.com malware research team has rated the following attacks as the most likely to occur and the most prominent in potential harm:

  • TSPY_ZBOT.FAZ may attempt to steal passwords, account user information and other private information. This stolen information is then sent out to criminals who will use it to break into your accounts, commit identity theft or simply take everything that can be taken from your accounts. TSPY_ZBOT.FAZ's methodology for this spying work also uses URL monitoring, so that information that's linked to important websites is particularly likely to be targeted and compromised. Online accounts for Bank of America are particularly known to be attacked by TSPY_ZBOT.FAZ and other Zbot worms.
  • TSPY_ZBOT.FAZ may use code-injection tactics to avoid being detected. This allows TSPY_ZBOT.FAZ to launch itself as part of Windows and make removing TSPY_ZBOT.FAZ a significant challenge.
  • TSPY_ZBOT.FAZ may install other forms of harmful applications that SpywareRemove.com malware researchers have developed long familiarity with, such as rogue security programs, keyloggers, ransomware Trojans or rootkits.
  • Your security settings may be changed so that TSPY_ZBOT.FAZ can easily contact remote criminals; common changes include opened network ports and firewall exceptions. The backdoor access that TSPY_ZBOT.FAZ creates on your PC can allow criminals to exert absolute control over your computer.