TSPY_ZBOT.THY
TSPY_ZBOT.THY is a Trojan that is a variation of a banking Trojan called KINS, dubbed 'the next ZeuS' by media reports. TSPY_ZBOT.THY encompasses advanced anti-debugging and anti-analysis routines. To block analysis and debugging, TSPY_ZBOT.THY looks for and ceases running if it finds it is being executed inside several well-known virtual machine servers (particularly, VMWare and VirtualBox) or a Windows emulator (WINE). Similarly, other security tools such as Sandboxie will also make TSPY_ZBOT.THY to stop running. TSPY_ZBOT.THY drops a configuration file that involves the list of attacked banks, drops zone websites, and webinjects files. TSPY_ZBOT.THY steals online banking data such as user credentials by embedding a certain code onto the victim's web browsers when he/she visits particular domains in real time. When done, TSPY_ZBOT.THY displays bogus legal pop-up warning messages that ask to disclose banking credentials and additional information such as social security number.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Application Data%\{[RANDOM FOLDER NAME 1]\[RANDOM FILE NAME 1].exe | |
| 2. | %Application Data%\[RANDOM FOLDER NAME 2]\[RANDOM FILE NAME 2].[RANDOM FILE EXTENSION] |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.