
WORM_ZBOT.GJ

By GoldSparrow in Worms

WORM_ZBOT.GJ is a variant of the Zbot or Zeus Trojan that has been adapted to spread on its own using typical worm techniques. Although the general consensus was that Zbot attacks were declining, making way for newer types of malware, there has been a resurgence of Zbot infections in 2013, especially in malware campaigns distributed through Facebook and other social networks. The WORM_ZBOT.GJ worm is a particularly worrying variant of this well-known threat. WORM_ZBOT.GJ arrives in the form of a malicious PDF file. This file is designed to make the computer user believe that it is a common business invoice. However, opening this file causes an error message to appear that distracts the victim while WORM_ZBOT.GJ is being installed on the victim's computer.

The Infection Process of WORM_ZBOT.GJ

Once WORM_ZBOT.GJ has used the social engineering technique mentioned above to distract its victim, WORM_ZBOT.GJ connects to a remote server in order to update itself. Then, WORM_ZBOT.GJ attempts to spread to any removable drives that may be connected to the infected computer. On each such drive, WORM_ZBOT.GJ creates a hidden folder containing all of its malicious files and a disguised shortcut that leads into the hidden folder. Zbot is a well-known banking Trojan designed to steal sensitive information such as credit card numbers and banking credentials. However, as a Trojan, it was limited in that it was not capable of propagating on its own. This capability is what makes the WORM_ZBOT.GJ variant particularly worrying.
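The removable-drive behaviour described above (a hidden folder plus a disguised shortcut pointing into it) leaves an artifact a defender can check for. The following is an added example, not code from the original page or from ESG: it reads the LocalBasePath out of each `.lnk` file in a drive root with a minimal MS-SHLLINK parser and reports shortcuts whose target lies inside a hidden folder on the same drive. It assumes the shortcut and the hidden folder both sit at the drive root, and `make_lnk` only builds a constructed demo shortcut for testing; the folder and file names in the test are constructed, not indicators from the page.

```python
import os
import struct

def is_hidden(path: str) -> bool:
    """Windows hidden attribute (0x02), or a dot-prefixed name on other platforms."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & 0x02) or os.path.basename(path).startswith(".")

def lnk_local_path(data: bytes):
    """Minimal MS-SHLLINK reader: the LocalBasePath a .lnk points at, or None."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00":
        return None
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & 0x01:  # HasLinkTargetIDList: skip IDListSize + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & 0x02:  # no LinkInfo, so no local path to recover
        return None
    _size, _hdr, iflags, _vol_off, base_off = struct.unpack_from("<5I", data, pos)
    if not iflags & 0x01:  # VolumeIDAndLocalBasePath not set
        return None
    end = data.index(b"\x00", pos + base_off)
    return data[pos + base_off:end].decode("latin-1")  # ANSI path, single-byte code page assumed

def make_lnk(target: str) -> bytes:
    """Constructed minimal .lnk (header + LinkInfo only) for building a demo drive."""
    base = target.encode("latin-1") + b"\x00"
    suffix_off = 0x1C + len(base)
    info = struct.pack("<7I", suffix_off + 1, 0x1C, 0x01, 0, 0x1C, 0, suffix_off) + base + b"\x00"
    return (b"\x4c\x00\x00\x00" + bytes(16) + struct.pack("<I", 0x02)).ljust(0x4C, b"\x00") + info

def _norm(p: str) -> str:
    return os.path.normcase(os.path.normpath(p))

def scan_drive_root(root: str) -> list:
    """(shortcut, hidden folder) pairs for root-level .lnk files whose target lies inside a hidden folder on that drive."""
    entries = [os.path.join(root, n) for n in os.listdir(root)]
    hidden = [p for p in entries if os.path.isdir(p) and is_hidden(p)]
    hits = []
    for p in entries:
        if not p.lower().endswith(".lnk"):
            continue
        with open(p, "rb") as fh:
            target = lnk_local_path(fh.read())
        for h in hidden:
            if target and (_norm(target) == _norm(h) or _norm(target).startswith(_norm(h) + os.sep)):
                hits.append((os.path.basename(p), os.path.basename(h)))
    return hits
```

Run `scan_drive_root("E:\\")` (or whatever letter the removable drive has) and treat any hit as worth quarantining and submitting to your anti-malware vendor; a clean drive returns an empty list.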

Understanding the Modus Operandi of WORM_ZBOT.GJ

Other variants of Zbot are usually distributed through secondary malware threats such as exploit kits or using social engineering. The fact that criminals have created a self-propagating Zbot variant does not bode well, and it is likely that Zbot attacks involving variants similar to WORM_ZBOT.GJ will increase over time. This is not the first time that Zbot has been combined with other forms of malware; ESG security analysts have observed Zbot variants that take advantage of file infectors to spread. In the past, malware that combines several tactics into a single attack, such as Conficker and Flame, has proven highly resilient, difficult to remove and often devastating in its results. Because of this, ESG malware researchers urge computer users to protect themselves from WORM_ZBOT.GJ by using a well-trusted, fully up-to-date anti-malware application to protect their computer.

URLs

WORM_ZBOT.GJ may call the following URLs:

poaships.com
