Zemot

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 50
First Seen: September 11, 2014
Last Seen: May 22, 2023
OS(es) Affected: Windows

Zemot is a Trojan dropper and a strain of the already notorious Upatre malware downloader, which security researchers have associated with dropnets. A dropper is a program designed specifically to serve as a platform for downloading other malicious software. Downloading and installing the Zemot dropper is therefore only the first stage of a longer chain of infections that may lead to severe security breaches on your computer and even give attackers unauthorized access to it. Anti-virus programs usually have difficulty detecting Zemot, so users typically have no idea it is present until the malicious payload has already reached their system.

Security researchers first observed activity from TrojanDownloader:Win32/Upatre.B at the end of 2013. Analysts determined that its authors used this malware dropper to distribute the PWS:Win32/Zbot.CF and PWS:Win32/Zbot.gen!AP Trojans. The first version of the Upatre downloader and its modified successor shared quite a few similarities, but also enough differences to set them apart. In May 2014, Microsoft security researchers noticed that a new Upatre.B variation had surfaced and decided to name this update Zemot, marking the emergence of a new malware family.

Common Ways for Distribution of Zemot Malware Dropper

Security experts have established that the Zemot dropper is distributed in many different ways, including spam-sending botnets such as Asprox and Kuluoz, compromised websites such as media[dot]vogue[dot]com, and exploit kits like Magnitude and Nuclear Pack. Other methods include spam e-mail campaigns and harmful links sent through social networks or file-sharing sites. You are particularly exposed to the Zemot dropper if you download illegal content such as cracked versions of proprietary software or key generator programs.

There are reported cases in which Zemot checks whether some of your programs are out of date and uses that weakness to infiltrate the system. If you do not have the latest versions of Adobe Flash or Internet Explorer, for example, this may make it easier for the Zemot dropper to be downloaded.

Key Features and Symptoms of Zemot

Once Zemot successfully reaches your computer, it begins its malicious task. The process is very complex and often consists of installing several different droppers in turn until the final payload reaches your system. Microsoft analysts confirmed that Zemot uses several methods to make sure its malicious module works on all Windows versions.

To make it very difficult for anti-virus software to detect the threat in time, Zemot gives each file it writes to its directory a unique file name. In this way the dropper also increases the number of threats on your PC. The routines used to determine your OS version and user privilege level, and to decide the download order, are borrowed from the source code of the infamous Zbot. Security experts report that other malware, including Win32/Rovnix, Trojan.Viknok, and Win32/Tesch, has recently relied on Zemot to achieve its goals. Such payloads may be used to obtain valuable information stored on your hard disk, as well as to continue the chain and bring in more malicious programs.

If the Zemot dropper reaches your PC, you will likely notice immediate slowdowns. Programs may take longer to load, you may have trouble connecting to the Internet, and the browser will also be slower. In addition, some settings may be altered without your permission. Zemot will use your computer's resources to contact a predetermined server and download its content. The malware may disrupt your security software and firewall, and various Windows tools may be damaged as well, including File Manager, Task Manager and the Windows Registry. Zemot embeds itself deep into core system files and changes Windows Registry settings, which in turn makes removal harder. Depending on the payload that Zemot downloads, you may experience other problems as well. According to recent data announced by Microsoft, the number of computers affected by Zemot has been decreasing since May 2014, down to 30,000 computers in July and 25,000 in August. It is still highly recommended to use the latest version of your anti-malware program and to be careful when you see suspicious links or programs.

File System Details

Zemot may create the following file(s):
#  File Name                                  Detections
1. %TEMP%\UpdateFlashPlayer_b61c21a2.exe     (none listed)
2. %TEMP%\Java_Update_5a8bf3e9.exe           (none listed)
3. %TEMP%\Java_Update_.exe                   (none listed)
4. %TEMP%\UpdateFlashPlayer_.exe             (none listed)
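The file names above follow a recognisable pattern: a lookalike updater stem (UpdateFlashPlayer or Java_Update), an underscore, an optional 8-hex-digit suffix, and .exe, all dropped directly in %TEMP%. The following added example (not from this page or its author) turns that pattern into a small hunt check over a directory listing; it assumes the suffix is an arbitrary 8-hex-digit value and that the listing paths are Windows paths, and the sample listing is constructed.

```python
import ntpath
import re
from typing import List, Optional, Tuple

# Stems taken from the file names listed on this page. Assumption: the
# 8-hex-digit suffix varies per sample, so it is matched generically.
ZEMOT_STEMS = ("UpdateFlashPlayer", "Java_Update")
ZEMOT_NAME_RE = re.compile(
    r"^(?P<stem>" + "|".join(re.escape(s) for s in ZEMOT_STEMS) + r")"
    r"_(?P<suffix>[0-9a-f]{8})?\.exe$",
    re.IGNORECASE,
)


def classify(path: str, temp_dir: str = "%TEMP%") -> Optional[Tuple[str, str]]:
    """Return (canonical stem, suffix or '') when `path` is a file that sits
    directly inside `temp_dir` and matches the Zemot naming pattern; else None.
    ntpath is used so Windows paths are handled correctly on any host."""
    directory, name = ntpath.split(path)
    if ntpath.normcase(directory.rstrip("\\/")) != ntpath.normcase(temp_dir.rstrip("\\/")):
        return None  # same name elsewhere on disk is out of scope for this check
    m = ZEMOT_NAME_RE.match(name)
    if not m:
        return None
    canon = next(s for s in ZEMOT_STEMS if s.lower() == m.group("stem").lower())
    return canon, (m.group("suffix") or "").lower()


def scan_listing(paths: List[str], temp_dir: str = "%TEMP%") -> List[Tuple[str, str, str]]:
    """Run classify() over a listing and return (path, stem, suffix) per hit."""
    hits = []
    for p in paths:
        result = classify(p, temp_dir)
        if result is not None:
            hits.append((p, result[0], result[1]))
    return hits


# Constructed sample listing: three Zemot-style names plus benign look-alikes.
SAMPLE_LISTING = [
    r"%TEMP%\UpdateFlashPlayer_b61c21a2.exe",
    r"%TEMP%\java_update_5A8BF3E9.EXE",      # case differs, still a hit
    r"%TEMP%\Java_Update_.exe",              # no suffix variant from the page
    r"%TEMP%\UpdateFlashPlayer_b61c21a2.exe.txt",  # wrong extension
    r"%TEMP%\setup.exe",
    r"C:\Program Files\Java\Java_Update_5a8bf3e9.exe",  # not in %TEMP%
]

if __name__ == "__main__":
    for hit in scan_listing(SAMPLE_LISTING):
        print("suspicious: %s (stem=%s suffix=%r)" % hit)
```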
