Mal/Zbot-FV
Threat Scorecard
| Metric | Value |
|---|---|
| Threat Level | 20 % (Normal) |
| Infected Computers | 109 |
| First Seen | March 21, 2012 |
| Last Seen | November 3, 2022 |
| OS(es) Affected | Windows |
ESG security analysts have received reports of a recent batch of fake emails belonging to a scam labeled Mal/Zbot-FV because of its relationship to the Zeus (Zbot) botnet. While the actual Mal/Zbot-FV message may not be directly related to this botnet, the format of the fake email that Mal/Zbot-FV uses to deliver malware to its victims is identical to tactics initially associated with botnets such as Zeus (Zbot) and Bredo. Botnets are vast networks made up of thousands of computers that have been taken over with the help of malware. Criminals can use these computers to carry out coordinated attacks, such as sending out huge amounts of email or attacking websites by overloading them with requests. The most common way botnets recruit new victims is by sending spam email containing Trojans that give the criminal unauthorized access to the victim's computer. The Mal/Zbot-FV attack is one such malicious email.
Mal/Zbot-FV is an Email Attack that is Disguised as a Message from DHL
The Mal/Zbot-FV attack tends to be associated with fake emails that claim to come from courier and messaging companies such as FedEx and DHL. These messages lead the victim to believe either that they have received a package or that there was a problem with something they tried to send. The Mal/Zbot-FV message includes an embedded link or a malicious attached file that leads the victim to the actual Trojan, which then compromises the victim's computer system. This scam has been around for a long time. While the most recent Mal/Zbot-FV was observed in March of 2012, Mal/Zbot-FV resurfaces periodically.
In fact, ESG malware analysts detected a particularly malicious version of the Mal/Zbot-FV attack in July 2011, which claimed numerous victims all around the world. The Mal/Zbot-FV message is quite convincing, well written, and authentic-looking. It uses images from DHL and a spoofed email address with a "dhl" domain. The Mal/Zbot-FV attack includes a compressed archive in ZIP format with a varying name. In most cases, the file's name is particularly long in order to distract the victim from the ZIP extension (for example, DHL-Express-Delivery-Notification-Details_03-2012_[Random tracker number].zip). Opening the attached file infects the victim's computer system with a Trojan downloader or dropper, which establishes a backdoor and then accesses a remote server so that it can download and install other malware on the victim's computer.
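As an added example (not code from EnigmaSoft or from the original page), the following Python sketch shows how a mail filter could flag the lure described above: a courier-themed ZIP attachment whose long name pushes the extension out of view. The brand list, the 40-character threshold, the executable-extension check and the constructed sample message are all assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumptions (not from the page): brand list, length threshold, extension list.
COURIER = re.compile(r"dhl|fedex", re.I)
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js", ".vbs")
LONG_NAME = 40

def attachment_findings(raw: bytes) -> list[str]:
    """Return reasons a message matches the courier-notification ZIP lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if COURIER.search(name):
            findings.append(f"courier-themed archive: {name}")
        if len(name) >= LONG_NAME:
            findings.append(f"long name hides extension ({len(name)} chars)")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(RISKY_EXT):
                        findings.append(f"executable inside archive: {member}")
        except zipfile.BadZipFile:
            findings.append("attachment is not a readable ZIP")
    return findings

def build_sample() -> bytes:
    """Constructed sample message; the archive holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL-Notification.exe", b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "DHL Express <notify@dhl.example>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Delivery notification"
    msg.set_content("Please see the attached details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="DHL-Express-Delivery-Notification-Details_03-2012_0000000000.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in attachment_findings(build_sample()):
        print(finding)
```

Because the sender address is spoofed with a "dhl" domain, the check deliberately keys on the attachment rather than on the From header.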
File System Details
| # | File Name | Detections |
|---|---|---|
| 1. | DHL-Express-Delivery-Notification-Details_03-2012_[random id].zip | |
URLs
Mal/Zbot-FV may call the following URLs:
initiatelatestmostthefile.vip