ZBot (also known as Zeus, ZeusBot or WSNPoem) is a popular trojan engineered to steal sensitive data from compromised computers. Zeus was reported to be attacking the Verified by Visa and MasterCard SecureCode verification systems introduced in recent years by spoofing Visa and MasterCard enrollment screen. The latest variants can also gather the history of the visited Web sites and other data, which users provide online, while also capturing screenshots of the their desktop.
This deadly Trojan is supposed to be spread using fake spam emails and web pages with the Trojan hosted. The latest campaign was morphing the LinkedIn login page. Once installed, ZBot modifies the files and folders’ structure, adds registry keys, injects code into several processes like winlogon.exe or svchost.exe, and adds exceptions to the Microsoft Firewall providing backdoor and server capabilities. It also sends sensitive information and listens on several ports for possible commands from the remote attackers’ command-and-control center. Unfortunately its very difficult to catch this Trojan using an antivirus software because of its large number of variants.
BitDefender has released the latest version of ZBot Removal Tool which is available for free to anyone who wants to download it. The removal tool checks users’ computers, detects and eliminates most of the ZBot variants spotted in the wild.
For a comprehensive list of ZBot features and other technical description details, please check out the BitDefender Virus Encyclopedia.
Download the Zeus Zbot Trojan Removal Tool by Bitdefender below: