TSPY_ZBOT.THX
Posted: August 21, 2013
Threat Metric
The fields listed on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 276 |
| First Seen: | August 21, 2013 |
| Last Seen: | January 26, 2023 |
| OS(es) Affected: | Windows |
TSPY_ZBOT.THX is a variant of the KINS Trojan, which is confirmed to be an upgrade to previous versions of the banking Trojan Zeus. TSPY_ZBOT.THX doesn't differ from old versions of Zeus in terms of its central attacks, which involve stealing confidential information for the purpose of hijacking online bank accounts and initiating fraudulent cash transfers. However, TSPY_ZBOT.THX does include several new features that are designed to protect TSPY_ZBOT.THX from being detected or analyzed. To account for these changes as well as possible, SpywareRemove.com malware experts advise using the most reliable and potent anti-spyware and anti-malware tools for deleting TSPY_ZBOT.THX, which uses well-developed techniques to keep itself hidden and prevent its easy deletion.
TSPY_ZBOT.THX: the New Year's new Danger for Online Banking
TSPY_ZBOT.THX operates in essentially the same manner as previous variants of Zeus: through heavy reliance on the well-documented (but still very effective) Man-in-the-browser (MitB) attack strategy. Although TSPY_ZBOT.THX doesn't display any symptoms of its presence initially, TSPY_ZBOT.THX maintains a continuous but mostly passive presence on your PC – until you visit a banking website that's on its list of targets. Once your browser loads an appropriate online banking site, TSPY_ZBOT.THX injects additional code that's used to steal your confidential bank account information. This code includes fraudulent requests for additional information (such as your phone number or Social Security Number) that are designed to look like requests from the bank's website despite originating from TSPY_ZBOT.THX.
TSPY_ZBOT.THX then transfers this information back to a remote server where criminals may use it to break into your bank account or implement other attacks with your personal information. SpywareRemove.com malware experts warn that, other than the unusual website behavior caused by TSPY_ZBOT.THX, there aren't any symptoms of TSPY_ZBOT.THX's attacks. This is, unfortunately, one of the key traits of most variants of Zeus, which are professionally-designed specialists in their jobs as banking Trojans. Other variants of Zeus less recent than TSPY_ZBOT.THX include TR/Dldr.Esitgun.A, KINS, WORM_ZBOT.GJ, Trojan-Spy.Win32.Zbot.jqye, Trojan horse Generic31.ASUA and Troj/Zbot-DPM.
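The extra form fields described above are the one visible symptom, and a site can check for them. The following is an added example, not code from SpywareRemove.com or any bank: a browser-side audit that compares a form's controls against a baseline. The baseline, field names and sample forms are constructed for illustration.

```javascript
// Added example: baseline, field names and sample forms are constructed.
// Expected controls per form id, as the site owner would publish them.
const BASELINE = { login: new Set(["username", "password", "csrf_token"]) };

// Field-name hints for data a login form has no reason to request
// (phone number and SSN come from the text; the rest are assumptions).
const SENSITIVE = /ssn|social|phone|mobile|pin|card|cvv/i;

// Accepts an HTMLFormElement or any object with the same id/elements shape.
function collectFields(form) {
  return Array.from(form.elements)
    .filter((el) => el.name && !["submit", "button"].includes(el.type))
    .map((el) => el.name);
}

function auditForm(form, baseline = BASELINE) {
  const expected = baseline[form.id];
  if (!expected) {
    return { formId: form.id, verdict: "unknown-form", unexpected: [], missing: [] };
  }
  const seen = new Set(collectFields(form));
  const unexpected = [...seen].filter((n) => !expected.has(n));
  const missing = [...expected].filter((n) => !seen.has(n));
  let verdict = "clean";
  if (unexpected.length || missing.length) verdict = "modified";
  if (unexpected.some((n) => SENSITIVE.test(n))) verdict = "suspected-inject";
  return { formId: form.id, verdict, unexpected, missing };
}

// Constructed samples: the form as served, and the same form after an
// inject has appended two extra inputs.
const servedForm = {
  id: "login",
  elements: [
    { name: "username", type: "text" },
    { name: "password", type: "password" },
    { name: "csrf_token", type: "hidden" },
    { name: "", type: "submit" },
  ],
};
const injectedForm = {
  id: "login",
  elements: [
    ...servedForm.elements,
    { name: "ssn", type: "text" },
    { name: "phone_number", type: "tel" },
  ],
};

console.log(auditForm(servedForm).verdict, auditForm(injectedForm));
```

Because the inject runs in the same browser context, it can also tamper with a client-side check, so treat the result as one signal reported to the server rather than proof of a clean session.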
The Parts of the TSPY_ZBOT.THX Update that Should Concern You
TSPY_ZBOT.THX is differentiated from past variants of the same banking Trojan mostly through its new defensive features. TSPY_ZBOT.THX automatically terminates itself on any PC that uses programs associated with malware analysis environments, including:
- Windows emulators like WINE, which provide small-scale simulations of Windows for non-Windows computers.
- Virtual machine (VM) programs that simulate entirely separate computer systems, such as VirtualBox or VMWare.
- Sandbox programs that are designed to isolate specific applications from the rest of your system (such as Sandboxie or Bufferzone).
While these defenses may slow down the analysis of TSPY_ZBOT.THX by various PC security companies, they are also a double-edged sword that can swing in your favor: having these programs on your PC also gives you an extra layer of defense against TSPY_ZBOT.THX. Since TSPY_ZBOT.THX is a sophisticated, flexible and well-developed PC threat, SpywareRemove.com malware experts recommend nothing less than the best anti-malware utilities available to you for removing TSPY_ZBOT.THX safely, regardless of whether TSPY_ZBOT.THX is active or inactive. Naturally, any prolonged TSPY_ZBOT.THX infection should also be considered a good reason to talk to your bank about potentially leaked account information.