TSPY_ZBOT.THX
Threat Scorecard
Threat Level: 90% (High)
Infected Computers: 118
First Seen: August 21, 2013
Last Seen: January 26, 2023
OS(es) Affected: Windows
TSPY_ZBOT.THX is a variant of KINS, a dangerous banking Trojan that seems to be on par with the infamous ZeuS/Zbot Trojan, one of the most dangerous and widespread malware infections of the last decade. The main danger of TSPY_ZBOT.THX is that it not only steals data from the infected computer but also steals money from the computer users themselves. KINS variants like TSPY_ZBOT.THX are marketed to criminals and hackers as professional-grade banking Trojans. PC security researchers are concerned that TSPY_ZBOT.THX and the many other KINS variants that have appeared may eventually become as successful as the infamous ZeuS/Zbot. In fact, PC security researchers have observed that TSPY_ZBOT.THX and its variants may not be entirely new, and that they may be derived from this infamous group of banking Trojans. TSPY_ZBOT.THX and its variants are extremely dangerous, potentially allowing criminals to steal the contents of your bank accounts as well as your online banking and credit card credentials.
Other Attacks Related to TSPY_ZBOT.THX
Careful observation of TSPY_ZBOT.THX's code has revealed that it shares numerous characteristics with previous infections. TSPY_ZBOT.THX differs from the ZeuS/Zbot family of malware in that it uses a different packer and has advanced self-defense components designed to interfere with anti-malware software or debugging and analysis software. Apart from this, however, TSPY_ZBOT.THX is still unmistakably part of the ZeuS/Zbot family of malware. It uses the same file names and folders as this dangerous infection, makes the same harmful registry changes and carries out the same basic attack. Because of this, PC security analysts have started to regard TSPY_ZBOT.THX and other KINS variants as an offshoot of the ZeuS/Zbot family of malware with more advanced features.
How the Relationship between TSPY_ZBOT.THX and ZeuS/Zbot Can Affect a PC
To protect itself from PC security analysts, TSPY_ZBOT.THX searches for signs that it is running in a virtual machine or emulator such as WINE or VirtualBox, and disables itself if that is the case. This prevents malware analysts from analyzing TSPY_ZBOT.THX and coming up with ways to protect a computer from its attack. In its infection process, TSPY_ZBOT.THX carries out an attack that is identical to common Zbot or ZeuS/Zbot infections. It downloads a list of banks targeted by this threat, drops its malicious files in the same directories and injects its malicious code into the same running processes. TSPY_ZBOT.THX also interferes with the victim's Web browser, injecting malicious code whenever the victim visits a URL associated with an online bank contained in its list. This malicious code causes the victim's Web browser to display a pop-up window asking for the victim's login information and other private information, such as the victim's social security number.