Troj/Zbot-DSP
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 90 % (High) |
Infected Computers: | 7 |
First Seen: | January 29, 2013 |
Last Seen: | January 21, 2020 |
OS(es) Affected: | Windows |
Troj/Zbot-DSP is a variant of the infamous Citadel Trojan. This variant in particular has been targeting Canadian banks and retail points of sale in order to steal PINs, credit card numbers and other highly sensitive information. ESG security researchers have reported on the Citadel family of malware before. While Citadel was originally described as one more of the countless variants in the Zeus/Zbot group of malware, it has evolved into a very sophisticated infection designed to steal confidential information. Troj/Zbot-DSP represents a disturbing trend that PC security researchers have observed increasingly in attacks involving Citadel: gathering high-quality data rather than focusing on quantity.
Why Troj/Zbot-DSP’s Focus on Quality Over Quantity is a Dangerous New Development
Most Citadel variants use far-reaching tactics to capture as many login credentials, confidential numbers and other data as possible. In fact, one of the problems criminals faced was not gathering more information but weeding through the high volume of data to isolate the records that could actually be used in attacks. Troj/Zbot-DSP is particularly dangerous because, rather than attacking as many computer users as possible, it narrows its targeting so that each compromise yields data of higher value. By analyzing Troj/Zbot-DSP's configuration files, ESG security researchers have determined that it targets specific financial institutions in Canada and focuses especially on companies that handle point-of-sale devices. This means the attack is highly focused on obtaining credit card and debit card information from specific points of sale. The result? While the volume of data gathered is much smaller, the percentage of stolen data that is actually useful is much higher, giving attackers a rate of return vastly superior to other Zbot and Zeus variants.
Like most information stealers, Troj/Zbot-DSP uses three tactics that are quite common in these kinds of attacks:
- Capturing screenshots of the infected computer's display.
- Grabbing information entered into fields in online forms.
- Logging all keystrokes on the infected computer's keyboard.
The way Troj/Zbot-DSP captures screenshots is particularly interesting: it grabs a screenshot each time the victim clicks the mouse, which captures input made through on-screen keyboards and PIN pads that a plain keylogger would miss. Form data is stolen by hooking the victim's Web browser (the man-in-the-browser technique typical of the Zeus family), so submitted fields are read before HTTPS encrypts them. The keylogger component is a highly configurable piece of malware that can be set to log keystrokes only at specific moments rather than continuously.
SpyHunter Detects & Removes Troj/Zbot-DSP

File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | 13.exe | d2814ded0761709a9cafe5f3c780a774 | 3 |
2. | a.exe | cf54a73593a98cd7b3812ddffed6669e | 0 |
3. | emud.exe | 976b2ccbd07f1ca8f9322f0438290460 | 0 |
4. | a.exe | 727d0d82d92b4a399e76a8b473c90616 | 0 |

Detections: the number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
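The hashes in the table above are the only indicators this page gives, so the natural practitioner use is a quick host check. The following is an added example, not part of the original page and not a SpyHunter component: a Python script that walks a directory tree, computes each file's MD5 and reports any file whose hash appears in the table. File names are ignored on purpose (two of the samples above share the name a.exe, and droppers rename freely), and a missing match does not prove a clean host, since a repacked sample has a new hash. The script name in the usage comment is arbitrary, and the helper that builds a constructed sample directory exists only so the scanner can be exercised offline.

```python
"""IOC check for the Troj/Zbot-DSP hashes listed above (added example)."""
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# MD5 values copied from the File System Details table on this page.
# Two entries share the name a.exe, which is why matching is by hash only.
ZBOT_DSP_MD5 = {
    "d2814ded0761709a9cafe5f3c780a774": "13.exe",
    "cf54a73593a98cd7b3812ddffed6669e": "a.exe",
    "976b2ccbd07f1ca8f9322f0438290460": "emud.exe",
    "727d0d82d92b4a399e76a8b473c90616": "a.exe",
}


def file_md5(path, chunk_size=1 << 20):
    """MD5 of a file, streamed so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root, iocs=ZBOT_DSP_MD5):
    """Walk `root` and return (path, md5, listed_name) for every file whose
    MD5 is in `iocs`. Unreadable or locked files are skipped rather than
    fatal: on a live host a running sample may hold a lock, so record
    whatever can be read and move on."""
    hits = []
    for dirpath, _subdirs, filenames in os.walk(root):
        for filename in filenames:
            path = Path(dirpath) / filename
            try:
                digest = file_md5(path)
            except OSError:
                continue
            if digest in iocs:
                hits.append((str(path), digest, iocs[digest]))
    return hits


def build_constructed_sample_dir():
    """Create a temporary directory holding one benign, constructed file and
    return (directory, md5_of_that_file). Used only to exercise the scanner
    offline; the content is invented and is not a Troj/Zbot-DSP sample."""
    directory = tempfile.mkdtemp(prefix="zbot_ioc_demo_")
    content = b"constructed benign sample, not malware"
    with open(os.path.join(directory, "a.exe"), "wb") as handle:
        handle.write(content)
    with open(os.path.join(directory, "notes.txt"), "wb") as handle:
        handle.write(b"unrelated file that must not match")
    return directory, hashlib.md5(content).hexdigest()


if __name__ == "__main__":
    # Usage: python zbot_ioc_check.py <directory>   (defaults to the temp dir,
    # a common drop location for Zeus-family loaders)
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    matches = scan_directory(target)
    for path, digest, listed_name in matches:
        print(f"MATCH {path}  md5={digest}  listed as {listed_name}")
    print(f"{len(matches)} match(es) under {target}")
```

Run it against the user's temp and AppData directories first, since those are the usual drop locations for Zeus-family loaders; on a suspected infection, collect any match for analysis rather than deleting it, because the sample's configuration file is what reveals which institutions were targeted.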