ZeuS/ZBot
Posted: April 5, 2012
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 54 |
| First Seen: | April 5, 2012 |
|---|---|
| OS(es) Affected: | Windows |
ZeuS/ZBot, AKA the notorious Zeus Trojan, is an updated variant of the Gameover Trojan and is involved in attacks that steal private information as well as allow criminals to access your PC. This Trojan has been in distribution for years, but its latest techniques for enabling the infection of new computers involve spam e-mail messages that claim to be from the US Airways company. This spam provides a link to a hostile site that hosts a Blackhole Exploit Kit, which installs a Trojan downloader that, in its own attack, finally installs ZeuS/ZBot. Although ZeuS/ZBot is difficult to detect and can even steal extremely sensitive information such as account passwords, SpywareRemove.com malware researchers are somewhat pleased to note that avoiding the initial ZeuS/ZBot infection is as simple as practicing good e-mail safety behavior and having competent anti-malware software to detect these attacks before ZeuS/ZBot can be installed. Since all currently known variants of ZeuS/ZBot (for example, the Gameover Trojan) are also noted for their ability to inject code into normal processes, deleting ZeuS/ZBot without assistance from the software noted above should be considered only as a last resort, if even that.
ZeuS/ZBot: Flying to Your E-mailbox for the Worst of Reasons
ZeuS/ZBot, as a Trojan with a complex and length history as far as PC threats go, can be (and has been) distributed in quite a few different ways, with many of its distribution methods involving fraudulent e-mail links. The latest ZeuS/ZBot attack uses a fake US Airways e-mail containing a link to a hostile site as a fake offering of details about an online flight reservation. Since this e-mail includes a confirmation code, noted expenses, a MasterCard reference and other tidbits that make it appear to be legitimate, it can be easy for victims to click on the link mistakenly – but the cost of your trust is immediate infection by ZeuS/ZBot.
ZeuS/ZBot or Zeus Trojan isn't the only PC threat that's involved in this attack since ZeuS/ZBot is installed by a separate Trojan downloader that uses a randomly-named .exe file, which is, itself, enabled by Java, Flash and Adobe Reader-based browser exploits. As these exploits are common means of browser-based attacks, SpywareRemove.com malware researchers heartily recommend that you disable all of the above features when you're viewing suspicious or potentially dangerous websites. However, as long as you delete this spam e-mail without clicking the provided link, you should shut off this avenue of approach for ZeuS/ZBot.
Looking at the Unsightly Destination That ZeuS/ZBot Wants You Headed Towards
ZeuS/ZBot, like any self-respecting type of spyware Trojan, uses various methods to obfuscate its presence and make its attacks unnoticeable on your computer. These techniques include injecting its code into normal system processes, which SpywareRemove.com malware researchers recommend for deletion by your choice of anti-malware software. As a sophisticated backdoor Trojan and spyware-based PC threat, ZeuS/ZBot can be used for any or all of the following acts of aggression:
- Allowing criminals to control your PC via a backdoor vulnerability.
- Using multiple methods to monitor, steal and transmit personal information (such as program-linked passwords or bank account details) to third parties.
- Infecting .exe files, especially those on removable or network-based drives, so that ZeuS/ZBot can be distributed to other computers automatically.
Since ZeuS/ZBot is designed, first and foremost, as a thief of personal information, SpywareRemove.com malware research team suggests contacting your bank, changing your account passwords and making other security alterations after you've removed ZeuS/ZBot from your PC. Failing to do this may result in compromised accounts and other attacks in the future even if ZeuS/ZBot has been deleted.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.