
Banker Trojan Zbot Allies With Well-Known Exploit

Loredana BOTEZATU

March 01, 2012


Bitdefender labs have just stumbled upon a website that presents extreme dangers to users, infecting systems with Zbot.

Once accessed, the site opens an apparently innocent HTML page (Trojan.JS.QOS). However, the simple “Please wait page is loading…” content hides a tricky JavaScript that redirects users to another malicious JavaScript.

 

Infected page redirecting the user towards another compromised Internet location

This second JavaScript file (Trojan.JS.Redirector.YF) is called js.js and is stored in a folder with a randomly generated name. It appears this malicious JS file has been planted on a multitude of servers that host otherwise clean websites, probably as a result of FTP credential theft. The sole purpose of this script is to redirect the user to the exploit page, the final stop in this redirection trip.

The second HTML page (Trojan.HTML.Downloader.Agent.NBF) the user finally reaches embeds a Java applet (Exploit.Java.CVE-2010-0840.P) – a front for a well-known exploit (CVE-2010-0840) which is now used to download and install a Zbot variant (Trojan.Zbot.HTQ) on the compromised systems.
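The redirection trip described above leaves a trail in web proxy logs: a js.js pulled from a host other than the referring page's, followed shortly by a request made by the Java plug-in itself. The following detection sketch is an added example, not Bitdefender's code. The log layout, host names, folder names, the "Java/" user-agent marker and the 60-second window are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

WINDOW = 60  # assumed max seconds between the js.js fetch and the JVM request
JS_PATH = re.compile(r"^/[^/]+/js\.js$")  # js.js directly inside one folder

# Constructed sample proxy log (epoch, client, URL, Referer, User-Agent).
# Hosts, folder names and the log layout are assumptions for this example.
SAMPLE_LOG = """\
1330600000 10.0.0.5 http://landing.example/index.html - Mozilla/5.0 (Windows NT 6.1)
1330600001 10.0.0.5 http://hosted.example/kq3vz8xw/js.js http://landing.example/index.html Mozilla/5.0 (Windows NT 6.1)
1330600002 10.0.0.5 http://exploit.example/page.html http://landing.example/index.html Mozilla/5.0 (Windows NT 6.1)
1330600004 10.0.0.5 http://exploit.example/applet.jar - Mozilla/4.0 (Windows NT 6.1) Java/1.6.0
1330600010 10.0.0.9 http://shop.example/static/js.js http://shop.example/ Mozilla/5.0 (Windows NT 6.1)
1330600012 10.0.0.9 http://intranet.example/tool.jar - Mozilla/4.0 (Windows NT 6.1) Java/1.6.0
1330600020 10.0.0.7 http://hosted.example/p0d9a1mm/js.js http://blog.example/ Mozilla/5.0 (Windows NT 6.1)
1330600920 10.0.0.7 http://intranet.example/tool.jar - Mozilla/4.0 (Windows NT 6.1) Java/1.6.0
"""


def find_chains(log_text, window=WINDOW):
    """Return (client, js_url, java_url) for each js.js hop followed by a JVM fetch."""
    pending = {}  # client -> (timestamp, url) of its latest cross-site js.js
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, url, referer, agent = line.split(None, 4)
        ts, target = int(ts), urlsplit(url)
        cross_site = referer != "-" and urlsplit(referer).hostname != target.hostname
        if JS_PATH.match(target.path) and cross_site:
            # Redirector hop: js.js served from a host other than the page's.
            pending[client] = (ts, url)
        elif "Java/" in agent and client in pending:
            # Applet hop: the Java plug-in itself requests content soon after.
            js_ts, js_url = pending.pop(client)
            if ts - js_ts <= window:
                hits.append((client, js_url, url))
    return hits


if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print("possible redirect-to-applet chain:", *hit)
```

A hit is a lead for triage, not a verdict: same-site js.js files and Java traffic with no preceding redirector hop are deliberately ignored to keep noise down.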

Zbot, a.k.a. Zeus, ZeusBot or WSNPoem, is a banker Trojan rigged with backdoor and server capabilities, known to collect bank-related information, login data, the history of visited websites and other sensitive details from its victims. Some versions may even snatch screenshots of the compromised machine’s desktop.

Those not protected by a Bitdefender product can use our free Zbot Removal Tool that checks users’ computers, detects and eliminates most Zbot variants spotted in the wild. It is available for download and use free of charge in the Removal Tools section of Malwarecity.com.

And please don’t click on just any old site that comes your way. Most importantly, if a website redirects you towards another web location, close it at once. Last but not least, keep your Java Runtime updated at all times.

This article is based on the technical information provided courtesy of Doina Cosovan, BitDefender Virus Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
