Trojan.Zbot
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 2,188 |
| First Seen: | July 24, 2009 |
| Last Seen: | March 31, 2023 |
| OS(es) Affected: | Windows |
Trojan.Zbot is a fairly generic backdoor Trojan infection that is closely linked to Mal/VB-AER and the Zeus Trojan, one of the most infamous malware infections. Since 2007, Trojan.Zbot has made headlines when Trojan.Zbot was used to infiltrate and steal information from the Transportation Department of the United States. Since March of 2009, Trojan.Zbot and the Zeus Trojan became widespread, infecting millions of computer from all around the world. ESG security researchers detected thousands of FTP servers of some of the most popular websites that were infected with the Zeus Trojan and Trojan.Zbot. Malware analysts estimate that the botnets associated with Trojan.Zbot cost billions of dollars every year and that a large percentage of phishing messages on Facebook and in spam emails are sent in order to spread malware associated with Trojan.Zbot. In the fall of 2010, the FBI cracked down on the criminal network thought to be responsible for an attack using Trojan.Zbot and the Zeus Trojan that resulted in the theft of more than seventy million dollars from American banks. About ninety people were arrested in relation to these criminal acts in the United States, the Russian Federation, the United Kingdom and Ukraine. In 2011, PC security researchers are facing a serious challenge since the source code of Zeus Trojan and Trojan.Zbot were leaked to the public, enabling practically anyone to use Trojan.Zbot to perform their own attacks.
Table of Contents
Is Your Computer System in Danger from Trojan.Zbot?
While malware associated with Trojan.Zbot is not confined to a single area, the five countries with the highest incidence of infection are Mexico, Egypt, Saudi Arabia, the United States and Turkey. As of today, this malware infection is linked to the largest botnets known to PC security researchers. If your operating system is not Windows, then you are safe from Trojan.Zbot. This malware infection can only attack computer system with the Windows Operating system. Users of Windows Vista and Windows Vista SP1 operating systems are particularly vulnerable and form the majority of computer systems integrating this network of infected computers. Each criminal can fine tune their infection in order to steal different data, although Trojan.Zbot is mostly linked to credit card and online banking account information theft. However, these can also be used to steal login information for email or social media accounts.
Aliases
15 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| AVG | Generic7_c.BULS |
| Fortinet | W32/Bublik.AKIQ!tr |
| Ikarus | Backdoor.Win32.DarkKomet |
| AhnLab-V3 | Trojan/Win32.Jorik |
| McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious-BAY.S |
| AntiVir | TR/Rogue.8877826.1 |
| DrWeb | Trojan.PWS.Stealer.1932 |
| Kaspersky | Trojan.Win32.Bublik.akiq |
| Avast | AutoIt:MalOb-J [Trj] |
| McAfee | Artemis!1C946EE5948C |
| AVG | Generic32.CDAA |
| Ikarus | Trojan.Win32.Spy2 |
| DrWeb | Trojan.PWS.Multi.1119 |
| Kaspersky | Trojan-Dropper.Win32.Agent.hjwv |
| Fortinet | W32/Jorik_Zbot.PLC!tr |
SpyHunter Detects & Remove Trojan.Zbot
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | Default File.exe | 5fa02bc9691141176fc57bdce0bb534b | 187 |
| 2. | GoogleUpdate.exe | de75d9858dd25f83ee666c4890367023 | 157 |
| 3. | ace.exe.exe | 2af6923df61c3800fb4957cd5163646d | 118 |
| 4. | sys_config.exe | 2c770a08cf50a31e138aa505c81a8cb4 | 38 |
| 5. | Default File.exe | 1b9c59e945282029f8c335ce2ce0a1fc | 32 |
| 6. | Elgato.exe | d9a57b7f55011099f22eac398f8683a3 | 20 |
| 7. | ace.exe.exe | fc504bb9ddd9108d5ef6ec00e1175a28 | 20 |
| 8. | file.exe | 2fae551124df3827bbe80db1faaa301f | 18 |
| 9. | Default File.exe | ce9a0cdd7f5f3a46c13e8001db1fc4b4 | 14 |
| 10. | Defcon.exe | 02dbd6164feb882e0c5fbd546ded3781 | 13 |
| 11. | ntos.exe | 9893493ec0578ac0194366a4e027e829 | 2 |
| 12. | MaelXpers.exe | a69349baf03c5a5f8dac25232ae55a8d | 2 |
| 13. | dwtray.exe | aa872cb97a821e7736ba479558acfe78 | 1 |
| 14. | file.exe | 829d8db0a02b42ebb83f69270e866f5c | 1 |
| 15. | file.exe | 6507c499f9f66673de194ecf2b1b0c0c | 1 |
| 16. | file.exe | eda57630f1f05be1349bd894b55ddc8c | 1 |
| 17. | shortcuts.exe | 5cb5a2617939cc2428f4f24b9f56421f | 1 |
| 18. | file.exe | 0efa791652688dba9b98a058f34f3fc8 | 1 |
| 19. | file.exe | ddff58440405b2efcd1a0c9526030712 | 0 |
| 20. | file.exe | bca3e9732a8773753c96ed33477183d4 | 0 |
| 21. | file.exe | f59734c38a813c39afc56c1821ed2f73 | 0 |
| 22. | file.exe | 8674aea8a06a15702e8f7e73b1bd5399 | 0 |
| 23. | file.exe | 390bea6328266b46fe2c615035e92fad | 0 |
| 24. | file.exe | 431ceaa2baef14549d3fc9959b33f872 | 0 |
| 25. | file.exe | 1e76d0e3d7c1ecc56ab0036ea0e3b16c | 0 |
| 26. | file.exe | 41176e654dc58bce22ab124c9bba4bd2 | 0 |
| 27. | file.exe | 4d7f59a1fdf8524ef18f984530c7b095 | 0 |
Registry Details
URLs
Trojan.Zbot may call the following URLs:
| 2sdfhs8d7fsh34d8f7s.org |
| 51qn.net |
| av4321.us |
| batmu.cn |
| clicksurfcash.net |
| crisis1s.com |
| fordearfriends.com |
| hotdomainworld.info |
| kakajz.cn |
| lilj.us |
| sfqjsf.cn |
| skp360.com |
