Trojan ZBot-D Unleashed to Steal Users’ Data

Researchers at MicroWorld, a security service vendor, have reported a growing number of attacks on the Web attributed to the ZBot-D Trojan, also called ZBot, which first appeared in February 2008 and spreads mainly through e-mail.

The security researchers disclosed that the malevolent Trojan ZBot could effortlessly deactivate the firewall, allow a remote hacker to access the infected computer and steal financial information from the end-user. The Trojan is designed to perform multiple malicious tasks at any time.

When the ZBot Trojan was first detected in February 2008, several Finnish-language spam mails were sent out that directed recipients to different Websites. These Websites appeared to contain an image that depended on an iPIX plug-in. However, the link to download the 'plug-in' actually downloaded the ZBot Trojan.

This Trojan performs various harmful activities such as modifying system files or creating additional system processes. It also automatically removes cookies from the Internet Explorer URL cache so that typed data may be recorded and transmitted to the controller of the botnet when unwitting users enter their passwords and other sensitive information on banking Websites. Banks in various countries have been attacked using this malware. Also, the same spam mails pushing the installation have been found in different languages.

Meanwhile, once an end-user opens a ZBot-carrying e-mail message, a file called "ntos.exe" is automatically planted in the system folder and entries are added to the registry to activate the Trojan whenever the system is rebooted. The Trojan then wreaks havoc by transmitting the user's private data to remote Websites, where the hackers/botnet herders capture it and sell it to other criminals for monetary gain.

Moreover, security researchers also disclosed that the Trojan floods inboxes with large amounts of spam mail and compromises the infected system so that it is added to the botnet. Such zombie computers are then used for carrying out criminal activities such as spamming, coordinated DDoS attacks and so on.

Furthermore, in a similar attack by ZBot in April 2008, spam mails contained a link that supposedly showed pictures of a mushroom cloud rising from a nuclear reactor located in Finland.

» SPAMfighter News - 21-08-2008

 
