Beware of ZBot Trojan Malware

ZBot Trojan Malware is a form of malicious software that targets Microsoft Windows and is often used to steal financial data. First detected in 2007, ZBot has become one of the most successful pieces of botnet software in the world, infecting millions of machines and spawning a host of similar malware families built from its code. While the threat posed by ZBot dwindled when its creator purportedly retired in 2010, a number of variants appeared once the source code became public, making this particular infection relevant and dangerous once again.

ZBot Trojan Malware is very difficult to detect, even with up-to-date antivirus and other security software, because it hides itself using stealth techniques. This is considered the primary reason why ZBot became the largest botnet on the Internet; it has been estimated that ZBot infected 3.6 million PCs in the U.S. in 2009. Trained security professionals recommend that businesses train their users not to click on hostile or suspicious links in emails or on websites, and that they always keep the antivirus protection on their systems up to date.

In October 2010 the US FBI announced that cyber-criminals in Eastern Europe had managed to infect computers around the world using ZBot Trojan Malware. The malware was distributed by e-mail; when targeted individuals at businesses and municipalities opened the message, the Trojan installed itself on the victim's computer and secretly captured passwords, account numbers, and other data used to log in to online banking accounts.

The cyber-criminals then used that information to take over the victims' bank accounts and conduct unauthorized transactions of thousands of dollars. They routed the funds to other accounts controlled by a network of money mules, who earned a commission on each transfer. Many of the U.S. money mules were recruited from overseas and opened bank accounts using fraudulent documents and false names. Once the money was in those accounts, the mules would either wire it back to their bosses in Eastern Europe, or withdraw it in cash and smuggle it out of the country.

More than 100 people were arrested on charges of conspiracy to commit bank fraud and money laundering, over 90 in the US, and the others in the UK and Ukraine. Members of the ring had stolen $70 million.

In 2013 a cyber-criminal was arrested in Thailand and deported to Atlanta, Georgia, USA. Early reports said that he was the mastermind behind ZBot Trojan Malware. He was accused of operating Spy-Eye (a bot functionally similar to ZBot) botnets and suspected of also operating ZBot botnets. He was charged with several counts of wire fraud and computer fraud and abuse. Court papers allege that from 2009 to 2011 his team "developed, marketed, and sold various versions of the Spy-Eye virus and component parts on the Internet", which gave cyber-criminals a customized approach to acquiring victims' personal and financial credentials without breaking a sweat. The team also advertised Spy-Eye on Internet forums devoted to cyber-crime and other illegal activities. The Spy-Eye botnet control server was situated in Atlanta, and as a result the charges in Georgia related only to Spy-Eye.

ZBot Trojan Malware can do a number of nasty things once it infects a computer, but it has two major pieces of functionality.

First, it builds a botnet, which is a network of infected systems that are covertly operated by ZBot's owner. The botnet provides the cyber-criminals with a large amount of valuable information that can be used to execute large-scale attacks.

ZBot also acts as a financial services Trojan designed to steal banking credentials from the machines it infects. It accomplishes this through website monitoring and keylogging: the malware recognizes when the user is on a banking website and records the keystrokes used to log in. This means the Trojan can get around the security in place on these websites, because the keystrokes required for logging in are recorded as the user enters them, before any protection on the site itself comes into play.

Some forms of ZBot also affect mobile devices, attempting to get around the two-factor authentication that is gaining popularity in the financial services world. Basically, ZBot only infects systems running Microsoft Windows; however, some of the latest versions have been found exploiting BlackBerry, Symbian and Android devices.

The creator of ZBot released its source code publicly in 2011, opening the door to a number of new, updated versions. These days, even though the original ZBot has been largely neutralized, the Trojan lives on, as its components are used in a large number of new and emerging infections.

ZBot Trojan Malware has two main methods of infection:

Spam messages
Drive-by downloads

The spam messages often come in the form of email, but there have also been social media campaigns designed to spread the infection through messages and postings on social media sites. Once users click on a link in the email or message, they are directed to a website that automatically installs ZBot. Because ZBot is adept at stealing login credentials, it can be configured to steal email and social media credentials as well, enabling the botnet to send spam from authentic-looking accounts and so spread much more widely.

Drive-by downloads happen when cyber-criminals are able to compromise legitimate websites, inserting their malicious code into a site that the user trusts. ZBot then installs itself when the user visits the website, or when the user downloads and installs a seemingly benign program from it.
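The spam vector described above relies on a link whose visible text and destination disagree, or whose destination is a raw IP address or a direct executable download. The following Python script is an added example (not code from the original article) of the kind of pre-delivery check a mail gateway or awareness tool can apply: it extracts every link from an HTML message and reports why each one looks suspicious. The sample message, the `examplebank.com` domain and the `TRUSTED_DOMAINS` list are constructed for the example; the 203.0.113.0/24 range and the `.invalid` TLD are reserved, so nothing in it resolves.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the article): a fake "statement ready"
# notice with one raw-IP executable link, one lookalike domain whose visible
# text claims to be the bank, and one genuine bank link.
SAMPLE_EMAIL_HTML = """
<p>Your account statement is ready.</p>
<a href="http://203.0.113.7/statement.exe">View statement</a>
<a href="http://examplebank.com.login-update.invalid/">https://www.examplebank.com/login</a>
<a href="https://www.examplebank.com/help">Help center</a>
"""

# Hypothetical domain the recipient genuinely banks with (an assumption for the example).
TRUSTED_DOMAINS = ("examplebank.com",)

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".bat", ".vbs", ".js")
URL_IN_TEXT = re.compile(r"https?://\S+|(?:www\.)?[a-z0-9-]+\.[a-z]{2,}", re.I)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def _registrable(host):
    # Last-two-labels approximation; production code would consult the public suffix list.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_links(html, trusted_domains=TRUSTED_DOMAINS):
    """Return one finding per link: {'href', 'text', 'reasons'}; empty reasons means clean."""
    parser = _LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        reasons = []
        if _is_ip_literal(host):
            reasons.append("link target is a raw IP address")
        if urlparse(href).path.lower().endswith(EXECUTABLE_SUFFIXES):
            reasons.append("link downloads an executable file")
        shown = URL_IN_TEXT.search(text)  # does the visible text itself look like a URL?
        if shown:
            shown_url = shown.group(0)
            if not shown_url.lower().startswith("http"):
                shown_url = "http://" + shown_url
            shown_host = _host(shown_url)
            if shown_host and _registrable(shown_host) != _registrable(host):
                reasons.append(f"visible text shows {shown_host} but target is {host}")
        for trusted in trusted_domains:
            if trusted in host and _registrable(host) != trusted:
                reasons.append(f"target embeds trusted name {trusted} under a different domain")
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


def suspicious_hrefs(html, trusted_domains=TRUSTED_DOMAINS):
    """Only the targets a gateway would quarantine or rewrite."""
    return [f["href"] for f in assess_links(html, trusted_domains) if f["reasons"]]


if __name__ == "__main__":
    for f in assess_links(SAMPLE_EMAIL_HTML):
        print(f"{f['href']}: {'; '.join(f['reasons']) or 'ok'}")
```

Run as-is, the script flags the first two links and passes the genuine `examplebank.com` link. The registrable-domain comparison is deliberately simple; the point is that the mismatch between what the user sees and where the click actually goes is mechanically detectable, which is exactly the gap the spam campaigns described above exploit.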

Prevention through safe Internet practices is always the first step in staying safe from ZBot Trojan Malware. This means avoiding potentially dangerous websites, such as those offering illegal free software, adult material or illegal downloads, because the owners of these types of websites often have no problem letting ZBot's operators host their software on the site. Being safe also means not clicking on links in email or social media messages unless you were expecting the message. Remember: even if the message is from a trusted source, if that source is infected with ZBot, the message could still be malicious.

Staying safe also means being careful when interacting with financial institutions online. Two-factor authentication, where the website sends a confirmation code to a mobile device to confirm the login, is a must. Remember, though, that some offshoots of ZBot Trojan Malware have also infected mobile devices, so this kind of authentication should not be seen as a cure-all.

It is essential to have a powerful, updated antivirus solution on your system. It will not stop you from visiting unsafe websites where you might encounter the Trojan, but it can detect the malware when it tries to enter your system. Additionally, these solutions can scan your system and remove the infection if it already exists on your machine.

While there are a number of antivirus solutions out there, including several that offer a free trial period, it is important to choose one from an industry leader that updates its product constantly. The fact that the ZBot source code is public means there will be no end to the damage this infection can do, and every few years you can expect new versions of ZBot to arise. Only a security vendor that is constantly vigilant against new threats has what it takes to truly protect you from ZBot in the future.

ZBot Trojan Malware has come a long way in just a few years, coming out of nowhere to infect millions of computers around the world in a relatively short time. Even though the original creator may no longer be running ZBot, its code is online and is constantly being discussed and updated, and various cyber-criminals keep improving the malware, so it will continue to be a threat for years to come. Understanding that it is out there and taking steps to keep yourself, your finances and your family safe is imperative for anyone who wants to avoid the headache and financial pain of identity theft.