TSPY_ZBOT.THX

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 118
First Seen: August 21, 2013
Last Seen: January 26, 2023
OS(es) Affected: Windows

TSPY_ZBOT.THX is a variant of KINS, a dangerous banking Trojan that seems to be on par with the infamous ZeuS/Zbot Trojan, one of the most dangerous and widespread malware infections in the last decade. The main danger of TSPY_ZBOT.THX is that it not only steals data from the infected computer but also steals money from the computer users themselves. KINS variants like TSPY_ZBOT.THX are marketed to criminals and hackers as professional-grade banking Trojans. PC security researchers are concerned that TSPY_ZBOT.THX and the many other KINS variants that have appeared may eventually become as successful as ZeuS/Zbot. In fact, PC security researchers have observed that TSPY_ZBOT.THX and its variants may not be entirely new and may be derived from this infamous group of banking Trojans. It is important to remember that TSPY_ZBOT.THX and its variants are extremely dangerous, potentially allowing criminals to steal the contents of your bank accounts and your online banking and credit card credentials.

Other Attacks Related to TSPY_ZBOT.THX

Careful observation of TSPY_ZBOT.THX's code has revealed that it shares numerous characteristics with previous infections. TSPY_ZBOT.THX differs from the ZeuS/Zbot family of malware in that it uses a different packer and has advanced self-defense components designed to interfere with anti-malware software or debugging and analysis software. Apart from these differences, TSPY_ZBOT.THX is still unmistakably part of the ZeuS/Zbot family of malware. It uses the same file names and folders as this dangerous infection, makes the same harmful registry changes and carries out the same basic attack. Because of this, PC security analysts have started to regard TSPY_ZBOT.THX and other KINS variants as an offshoot of the ZeuS/Zbot family of malware with more advanced features.

How the Relationship between TSPY_ZBOT.THX and ZeuS/Zbot Can Affect a PC

To protect itself from PC security analysts, TSPY_ZBOT.THX searches for signs that it is running in a virtual machine or emulator such as WINE or VirtualBox and disables itself if that is the case. This prevents malware analysts from analyzing TSPY_ZBOT.THX and coming up with ways to protect a computer from its attack. In its infection process, TSPY_ZBOT.THX carries out an attack that is identical to common Zbot or ZeuS/Zbot infections. It downloads a list of banks targeted by this threat, drops its malicious files in the same directories and injects its malicious code into the same running processes. TSPY_ZBOT.THX then interferes with the victim's Web browser, injecting malicious code whenever the victim visits a URL associated with an online bank contained in its list. This malicious code causes the browser to display a pop-up window asking for the victim's login information and other private information, such as the victim's social security number.
