Win32/Spy.Zbot.YW is a nasty spyware infection derived from the infamous Zeus, or Zbot, Trojan. This family of Trojans is well known for being quite effective at stealing banking information, such as account numbers and account details, credit card numbers, online account passwords, and other essential banking information. Win32/Spy.Zbot.YW is also part of a multi-component malware attack aimed at integrating the infected computer system into the Zeus botnet. This allows Win32/Spy.Zbot.YW to spread from one computer to another through various email scams that originate from the Zeus botnet and similar networks of infected computers.
Basically, Win32/Spy.Zbot.YW infects a computer system and remains hidden, nearly undetectable without a reliable, fully updated anti-malware scanner. Win32/Spy.Zbot.YW and its associated malware then establish a backdoor into the victim's computer system. A backdoor, much like a building's back door, can allow a criminal to enter undetected. Criminals can then set up malicious servers that take advantage of the Win32/Spy.Zbot.YW backdoor in order to install Win32/Spy.Zbot.YW itself on the victim's computer system. Once installed, Win32/Spy.Zbot.YW can track the infected computer's online activity, detect when the victim visits any of a large number of banking-related websites, and then take screenshots or record anything typed on the victim's keyboard. Finally, Win32/Spy.Zbot.YW can send this information to its command and control server, where criminals can use it to steal the victim's money.
Understanding the Vast Botnet Associated with Win32/Spy.Zbot.YW
Botnets are vast networks of infected computer systems that can be 'herded' by a criminal in order to perform coordinated actions. Typically, botnets related to the Win32/Spy.Zbot.YW Trojan are used to transmit substantial quantities of spam email, which can be used to spread Win32/Spy.Zbot.YW to additional computer systems. The Zeus botnet has also been used in money laundering and to perform attacks on specific servers by overloading them with requests from the huge number of computer systems in the botnet. The main problem with Win32/Spy.Zbot.YW and other Zbot threats is that an infected PC system will display no symptoms from Win32/Spy.Zbot.YW itself. Basically, the first sign of a Win32/Spy.Zbot.YW Trojan infection will be a warning from the victim's security software. Because of this, ESG security analysts strongly advise keeping your security software fully updated.