TSPY_ZBOT.AMM

By Domesticus in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 1
First Seen: October 17, 2012
Last Seen: January 8, 2022
OS(es) Affected: Windows

TSPY_ZBOT.AMM is one of the many variants of the infamous Zbot or Zeus Trojan. This particular variant is distributed through a social engineering attack that uses fake email messages purporting to come from PayPal or WebEx. The TSPY_ZBOT.AMM infection is delivered by a Trojan dropper and backdoor disguised as an update for Adobe Flash Player. This fake update is hosted on a malicious website that spoofs the real Adobe Flash Player download website down to the last detail. The initial spam email message that begins the TSPY_ZBOT.AMM attack uses a spoofed sender address and a highly convincing message body to persuade computer users that it is a legitimate email message from WebEx or PayPal. The fake Adobe Flash Player update, a file named update_flash_player.exe, is a malicious file that has been seen repeatedly in various other malware attacks. In this particular instance, it is detected by security software as TSPY_FAREIT.SMC.

Understanding the Social Engineering Attack Used to Deliver TSPY_ZBOT.AMM

The fake Adobe Flash Player update mentioned above is hosted on a phishing website designed to look and behave like the real Adobe Flash website. The malicious email messages used to distribute this attack carry HTM file attachments that, when opened, lead to this website. The messages claim either to help the victim set up a WebEx conference or to contain important information about a PayPal transaction; in fact, they do neither. Computer users who visit the malicious website hosting the Trojan dropper will find that the only way to tell it apart from the real Adobe Flash website is to look closely at the website's address.

The Zbot or Zeus family of Trojans is notorious for the data-stealing and spying capabilities of its members. TSPY_ZBOT.AMM and other Zbot variants are specifically built to steal online banking information and to compromise the victim's personal data. Worst of all, TSPY_ZBOT.AMM is designed to operate silently in the background, recording the victim's sensitive information without alerting the victim to its presence. A TSPY_ZBOT.AMM infection can lead to the loss of money held in online bank accounts or to the loss of access to online email accounts, FTP servers, or other sensitive websites that require login credentials.

File System Details

TSPY_ZBOT.AMM may create the following file(s):
File Name:
1. %User Profile%\Application Data\{RANDOM CHARACTERS1}\{RANDOM CHARACTERS}.exe
2. %User Profile%\Application Data\{RANDOM CHARACTERS2}\{RANDOM CHARACTERS}.{RANDOM CHARACTERS}
3. %User Profile%\Application Data\Microsoft\Address Book\{username}.wab

Registry Details

TSPY_ZBOT.AMM may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {GUID} = "%User Profile%\Application Data\{RANDOM CHARACTERS1}\{RANDOM CHARACTERS}.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List {port}:UDP = "{port}:UDP:Enabled:UDP {port}"
HKEY_CURRENT_USER\Software\Microsoft\WAB
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List {port}:TCP = "{port}:TCP:Enabled:TCP {port}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Privacy
HKEY_CURRENT_USER\Software\Microsoft\{RANDOM CHARACTERS}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List %Windows%\explorer.exe = "%Windows%\explorer.exe:*:Enabled:Windows Explorer"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Privacy CleanCookies = "0"
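As an added, defender-side example that is not part of this entry: a Python check that parses a `reg export`-style dump and flags the three registry patterns listed above (a GUID-named Run value launching an executable from a random folder under Application Data, a GloballyOpenPorts exception, and an AuthorizedApplications exception for explorer.exe). The sample export, its GUID, folder names and port number are constructed placeholders, and matching the Vista+ equivalent `AppData\Roaming` is a generalization beyond the XP-era paths on this page.

```python
"""Flag Zbot-style persistence and firewall tampering in a .reg export."""
import re

# Constructed sample in `reg export` format; GUID, folder names and port
# are invented placeholders, not indicators taken from the threat entry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{A1B2C3D4-1111-2222-3333-444455556666}"="C:\\Documents and Settings\\bob\\Application Data\\Qyfo\\ilqa.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5183:UDP"="5183:UDP:Enabled:UDP 5183"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
'''

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# %User Profile%\Application Data\<random>\<random>.exe, or AppData\Roaming on Vista+
APPDATA_EXE_RE = re.compile(r"\\(Application Data|AppData\\Roaming)\\[^\\]+\\[^\\]+\.exe$", re.I)
OPEN_PORT_RE = re.compile(r"^\d{1,5}:(TCP|UDP):Enabled:", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Yield (key, value_name, data) for the REG_SZ values of a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = VALUE_RE.match(line)
            if m:  # undo .reg escaping: \\ -> \ and \" -> "
                name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
                yield key, name, data


def find_zbot_indicators(text):
    """Return (rule, value_name, data) for every value matching a listed pattern."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.upper()
        if k.endswith(r"\CURRENTVERSION\RUN") and GUID_RE.match(name) and APPDATA_EXE_RE.search(data):
            hits.append(("run-guid-appdata", name, data))
        elif k.endswith(r"\GLOBALLYOPENPORTS\LIST") and OPEN_PORT_RE.match(data):
            hits.append(("firewall-open-port", name, data))
        elif k.endswith(r"\AUTHORIZEDAPPLICATIONS\LIST") and name.lower().endswith("\\explorer.exe") and ":enabled:" in data.lower():
            hits.append(("firewall-authorized-explorer", name, data))
    return hits


if __name__ == "__main__":
    for rule, name, data in find_zbot_indicators(SAMPLE_REG):
        print(f"{rule}: {name} = {data}")
```

A benign Run entry such as the OneDrive value is ignored because its name is not a GUID; run the same function over `reg export HKCU ...` and `reg export HKLM\SYSTEM ...` output from a host under investigation.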