ZeuS/ZBot
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 1 |
| First Seen: | April 5, 2012 |
| Last Seen: | February 21, 2025 |
| OS(es) Affected: | Windows |
ZeuS/ZBot is an infamous family of malware composed of banking Trojans. These are designed to infiltrate a computer system, silently lurk in the victim's computer, detect any banking-related activity, and then relay this information to a remote server. The ZeuS/ZBot malware infection is also associated with a vast botnet, that is, a network of infected computer systems which a criminal can control in order to perform coordinated attacks using all the infected computers. Botnets such as these can be used to send out large quantities of spam email (which has often been used to spread malware in the ZeuS/ZBot family) or to perform distributed denial of service attacks on particular targets. The ZeuS/ZBot family of malware is often distributed through social engineering email attacks, usually phishing email scams spoofing email addresses belonging to courier companies, airlines, banking institutions, and many other sources. These emails will usually contain a link to an attack website or an attached file containing the ZeuS/ZBot infection itself.
The ZeuS/ZBot family has also been linked to the blackhole exploit kit, usually used to set up websites that attempt to exploit dozens of vulnerabilities at once in order to infect the victim's computer system with a ZeuS/ZBot infection. Since the ZeuS/ZBot infection is silent, it can be quite a problem for its victims. Often, the only symptom of a ZeuS/ZBot infection is in its detection by a reliable anti-malware scanner. Because of this, making sure that your security program is up-to-date and that you scan your system periodically should be a top priority.
A Recent Attack Involving the ZeuS/ZBot Trojan Family
ESG malware analysts detected a string of attacks involving the ZeuS/ZBot banking Trojan family. These attacks involved spam email messages claiming to contain details on the victim's flight reservations, usually spoofing the logos and email addresses of well-known airlines like US Airways or American Airlines. These emails claim to have the victim's confirmation code and flight, as well as a link that supposedly allows the victim to view their reservation online. However, clicking on this link takes the victim to an attack website using the BlackHole Exploit Kit in order to install the ZeuS/ZBot Trojan on the victim's computer system. This does not happen directly; first, an executable file is downloaded onto the victim's computer system. This executable, also known as a "downloader" Trojan, then connects to a remote server and downloads and installs the ZeuS/ZBot infection itself.
URLs
ZeuS/ZBot may call the following URLs:
| pinghauz.xyz |
