ZBot (also known as Zeus, ZeusBot or WSNPoem) is a popular trojan engineered to steal sensitive data from compromised computers. Zeus was reported to be attacking the Verified by Visa and MasterCard SecureCode verification systems introduced in recent years by spoofing the Visa and MasterCard enrollment screens. The latest variants can also gather the history of visited web sites and other data that users provide online, while also capturing screenshots of their desktop.
How does ZBot work?
ZBot is known to be distributed mainly via spam email campaigns and web pages that host the trojan. The latest campaign was morphing the LinkedIn login page. Once installed, ZBot modifies the file and folder structure, adds registry keys, injects code into several processes such as winlogon.exe or svchost.exe, and adds exceptions to the Microsoft Firewall, providing backdoor and server capabilities. It also sends sensitive information and listens on several ports for possible commands from the remote attackers’ command-and-control center.
Unfortunately, many antivirus tools (free as well as paid ones) do not catch the ZBot trojan every time. This may be due to the ever-growing list of variants of the trojan.
ZBot Removal Tool
BitDefender has released the latest version of the ZBot Removal Tool, which is available for free to anyone who wants to download it. The removal tool checks users’ computers, then detects and eliminates most of the ZBot variants spotted in the wild. Because the ZBot variants list is updated frequently, it is necessary to constantly check the ZBot Removal Tool page for additional updates of the tool.