Troj/Zbot-CCH is a dangerous Trojan in the Zbot or Zeus family and among the most common malware included in spam campaigns. The role of the Troj/Zbot-CCH Trojan in a malware attack is to establish a backdoor into the victim’s computer system and to download a Remote Access Tool (RAT) that allows criminals to control the infected computer system from a remote location. The Troj/Zbot-CCH Trojan may also have keylogger capabilities and components designed to steal financial information and sensitive data such as online passwords and credit card numbers. Like most Trojans from the Trojan.Zbot or Zeus Trojan family, Troj/Zbot-CCH cannot spread on its own and relies on other malware or on social engineering to infect a computer system.
Troj/Zbot-CCH and Spam Email Campaigns
Spam email messages are among the most common ways in which criminals spread malware such as the Troj/Zbot-CCH Trojan. ESG security researchers have found a widespread outbreak of the Troj/Zbot-CCH Trojan associated with a recent spam email campaign. The messages in this campaign try to convince victims that the attachment contains compromising photos of the victim or of the victim’s girlfriend. To do this, most of the messages associated with the campaign use threatening language, blackmailing the victim with the supposed compromising photographs, or attempt to make the victim think that the photos in question have been leaked.
All messages in this spam email campaign share the same file attachment, a ZIP file that is named ‘Photos’. However, opening this ZIP file will actually install Troj/Zbot-CCH itself or a downloader Trojan which will then contact a remote server to download and install Troj/Zbot-CCH and other malware threats onto the victim’s computer system. In some cases, actual nude photos may be shown in order to distract the victim while the installation of Troj/Zbot-CCH or other malware occurs in the background.
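The attachment pattern described above can be checked at the mail gateway or during triage of a reported message. The following Python sketch is an added example, not part of the original article: it flags ZIP attachments named ‘Photos’ and lists archive members with executable extensions. The extension list and the idea that the payload sits in the archive as an executable file are assumptions, and the sample message is constructed with harmless bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions that execute when double-clicked on Windows.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".js", ".vbs", ".lnk", ".bat", ".cmd"}

def risky_members(zip_bytes):
    """List archive members whose final extension is executable."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist()
                if "." in n and n[n.rfind("."):].lower() in RISKY_EXT]

def triage(raw_message):
    """Report each ZIP attachment, whether it uses the lure name, and risky members."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Identify ZIPs by content, since the attachment name may lack ".zip".
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        filename = part.get_filename() or ""
        stem = filename.rsplit(".", 1)[0].strip().lower()
        try:
            members = risky_members(data)
        except zipfile.BadZipFile:
            members = ["<unreadable archive>"]  # malformed ZIP: treat as suspicious
        findings.append({"filename": filename,
                         "lure_name": stem == "photos",  # name reported for this campaign
                         "risky_members": members})
    return findings

def build_sample():
    """Constructed test message: harmless bytes stored under an executable name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IMG_0412.jpg.exe", b"not a real program")
        zf.writestr("readme.txt", b"placeholder")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "sample", "a@example.com", "b@example.com"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Photos.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A message that matches on the lure name or on any risky member is a candidate for quarantine before it reaches the user.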
What You Can Do to Protect Yourself from Troj/Zbot-CCH
The best things you can do to protect your computer system from a Troj/Zbot-CCH infection are to use reliable security software and to use common sense when going online. Most malware infections can be prevented by following basic online safety guidelines such as never opening unsolicited email attachments, staying away from websites considered unsafe (such as pornographic websites and file sharing web pages) and always keeping your security software fully up to date.
How Can You Detect Troj/Zbot-CCH?