Microsoft Found Zemot, a Strain of the Infamous Upatre Malware

Softpedia.com reported on 11th September 2014, quoting Microsoft as saying, "dropper of Zemot is a thread of the malware downloader, Upatre which benefits from different distribution points including both spam botnet as well as compromised websites."

Microsoft observed activity from TrojanDownloader:Win32/Upatre.B during late 2013 and found that cybercriminals preferred it for distributing two strains of click-fraud malicious software. These two strains have accordingly been named PWS:Win32/Zbot.gen!AP and PWS:Zbot.CF, the software giant says.

In May 2014, Upatre.B was renamed Zemot to separate two threats that are similar in nature but differ in certain particulars, which was enough to make them a new family of malware.

Zemot is malware that forms part of a complex network involving many kinds of malware. Security researchers note that it is delivered to the user's PC via the exploit kits Nuclear Pack and Magnitude, or it can be circulated via a spam-sending botnet such as Kuluoz.

Once Zemot enters the system, it begins bringing in click-fraud malware. However, Microsoft has of late observed many other types of threats being circulated (Rovnix, Viknok and Tesch), which can be used to download new malware or to steal sensitive information.

According to Microsoft, the Zemot family has other important characteristics, such as using many techniques to ensure that the downloaded module will succeed on all Windows platforms.

Besides this, Zemot has other features: its major variants use different formats for the download file name and static configuration. Modules such as those for getting the user privilege and OS version, the download routine and URL parsing are taken from the source code of Zbot, and variants can be tied to other malware (one Trojan downloader can circulate numerous malware payloads).

This threat model is complex, which makes it important to ensure that your installed security software covers every part of the infection chain, including the downloaders, which can otherwise cause re-infection. The software giant also notes that many security software websites offer free versions of security tools that can be easily downloaded to remove Zemot from your machine.

» SPAMfighter News - 9/20/2014
