Win32/Spy.Zbot.YW

By Domesticus in Backdoors

Win32/Spy.Zbot.YW is a nasty spyware infection derived from the infamous Zeus, or Zbot, Trojan. This family of Trojans is well known for being quite effective at stealing banking information, such as account numbers and details, credit card numbers, online account passwords, and other essential banking information. Win32/Spy.Zbot.YW is also part of a multi-component malware attack aimed at integrating the infected computer system into the Zeus botnet. This allows Win32/Spy.Zbot.YW to spread from one computer to another through various email scams that originate from the Zeus botnet and similar networks of infected computers.

Basically, Win32/Spy.Zbot.YW infects a computer system and remains hidden, nearly undetectable without a reliable, fully updated anti-malware scanner. Win32/Spy.Zbot.YW and its associated malware then establish a backdoor into the victim's computer system. A backdoor, much like a building's back door, can allow a criminal to enter undetected. Criminals can then set up malicious servers that take advantage of the Win32/Spy.Zbot.YW backdoor in order to install Win32/Spy.Zbot.YW itself on the victim's computer system. Once installed, Win32/Spy.Zbot.YW can track the infected computer's online activity, detect when the victim visits any of a large number of banking-related websites, and then take screenshots or record anything typed on the victim's keyboard. Finally, Win32/Spy.Zbot.YW can send this information to its command and control server, where criminals can use it to steal the victim's money.

Understanding the Vast Botnet Associated with Win32/Spy.Zbot.YW

Botnets are vast networks of infected computer systems that can be 'herded' by a criminal in order to perform coordinated actions. Typically, Win32/Spy.Zbot.YW Trojan-related botnets are used to transmit substantial quantities of spam email, which can be used to spread Win32/Spy.Zbot.YW to additional computer systems. The Zeus botnet has also been used in money laundering and to perform attacks on specific servers by overloading them with requests from the huge number of computer systems in the botnet. The main problem with Win32/Spy.Zbot.YW and other Zbot threats is that an infected PC system will display no symptoms from Win32/Spy.Zbot.YW itself. Basically, the first sign of a Win32/Spy.Zbot.YW Trojan infection will be a warning from the victim's security software. Because of this, ESG security analysts strongly advise keeping your security software fully updated.

File System Details

Win32/Spy.Zbot.YW may create the following file(s):

| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | %System%folderl0cal.ds | | |
| 2 | %System%folderus3r.ds | | |
| 3 | %System%folderus3r.ds.lll | | |
| 4 | ewty.exe | c4181641527876b95ec6cc7905949ad5 | 0 |
| 5 | ritoced2.jpg | 5b308a79135a990c1814691e757b81d1 | 0 |
| 6 | tinleedisu7.tmp | c9b59e8b1b2cf0637faba0640a1b4e7d | 0 |
| 7 | wnineas.exe | 414a885a60aa9d86e389304f49f3b272 | 0 |
| 8 | waulldon6.htm | 538037d269ad3ca8fabffcd2c82548ed | 0 |

Registry Details

Win32/Spy.Zbot.YW may create the following registry entry or registry entries:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled" = 0
"EnabledV8" = 0

[HKEY_LOCAL_MACHINE\Software\Microsoft\InternetExplorer\PhishingFilter]
"Enabled" = 0
"EnabledV8" = 0

[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%originalvalue%, %system%d3dg86.exe,"
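
One way to check an exported registry snapshot for the entries listed above, as an added example that is not part of the original page or of any vendor tool: it flags any program in Winlogon's Userinit value besides the stock userinit.exe and any PhishingFilter value set to 0. The snapshot layout, the function names, the stock path `C:\Windows\system32\userinit.exe` and the sample data are assumptions of this example; keys are matched by their last path component.

```python
import ntpath

# Stock Userinit program on a default Windows install (assumption of this
# example; pass another path if Windows is installed elsewhere).
STOCK_USERINIT = r"C:\Windows\system32\userinit.exe"

def _norm(path):
    """Case- and separator-insensitive form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def extra_userinit_entries(value, stock=STOCK_USERINIT):
    """Return every program in a Userinit value other than the stock one."""
    fields = [f.strip() for f in value.split(",")]
    # The value normally ends with a comma, which leaves an empty field.
    return [f for f in fields if f and _norm(f) != _norm(stock)]

def disabled_filter_values(values):
    """Return the PhishingFilter value names that are set to 0."""
    return sorted(n for n in ("Enabled", "EnabledV8") if values.get(n) == 0)

def audit(snapshot):
    """snapshot: {registry key path: {value name: data}} -> list of findings."""
    findings = []
    for key, values in snapshot.items():
        leaf = key.rstrip("\\").rsplit("\\", 1)[-1].lower()
        if leaf == "winlogon":
            for name, data in values.items():
                if name.lower() == "userinit":  # value names are case-insensitive
                    for prog in extra_userinit_entries(data):
                        findings.append((key, "Userinit", prog))
        elif leaf == "phishingfilter":
            for name in disabled_filter_values(values):
                findings.append((key, name, 0))
    return findings

# Constructed sample data, not exported from a real machine.
SAMPLE = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Userinit": r"C:\Windows\system32\userinit.exe, "
                    r"C:\Windows\system32\d3dg86.exe,"},
    r"HKCU\Software\Microsoft\Internet Explorer\PhishingFilter": {
        "Enabled": 0, "EnabledV8": 0},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A PhishingFilter value of 0 can also be a deliberate user or policy setting, so treat those findings as items to review alongside the Userinit result.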