Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Battling the Zbot Threat

11 Feb 2011   #1

Win 7 Ultimate 64-bit. SP1.
Battling the Zbot Threat


As you may recall, last October we updated MSRT to include the well-known malware Zbot (aka Zeus), one of the more prolific bots we see in the wild today. Today, we released a special-edition Security Intelligence Report, entitled “Battling the Zbot Threat,” that documents the background, functionality, prevalence, and geographical distribution of Zbot malware. The paper also shows how Microsoft has had a measurable effect on the Zbot ecosystem since broadening its attack efforts to include the Malicious Software Removal Tool (MSRT) in October 2010.

As always, we continue to update MSRT with the result of ongoing research by the MMPC, all the while improving our detections. This is necessary because, as with most malware, Zbot itself is continually evolving, having undergone many changes in the last year or so, ‘updates’ to the file-based obfuscation, anti-AV defensive techniques, information stealing capabilities, configuration file protection, API hooking, pseudo-random domain generation, process injection and file infection. We’ll not go into details of many of these here, but we can show the telemetry we’ve gathered from the MSRT and Microsoft Security Essentials over the last four months documenting the percentage of Zbot detections exhibiting these new features, shown as Zbot 2.x in the chart below:

Battling the Zbot Threat (with MSRT) - Microsoft Malware Protection Center - Site Home - TechNet Blogs

My System SpecsSystem Spec


 Battling the Zbot Threat

Thread Tools

Similar help and support threads
Thread Forum
Battling The Bot Nation
Source A Guy
Security News
Dealing with (battling) Windows 7 Security
As a long-time Windows 7 user I never cease to be amazed (pronounced perplexed) with the various nuances of the Windows 7 implementation of security. I have always been under the impression that all tasks/processes launched during a logged-in session will inherit the privileges of the logged-in...
General Discussion
Help with Zbot infection.
I got infected with 2 Zbots. Malware Bytes removed them. Ran a scan with MBM again, still clean. Ran a scan with Eset, still clean Ran MSE clean. Ran scan with SAS, clean. Windows update still work. Reboot after all. Ran sfc 3 or 4 times with reboots after each. Unable to correct files.
System Security
I have been battling Babylon
I have been battling Babylon. I believe I have gotten all of the entries out of the registry, but I am not sure. I wonder if I did a repair install if it would construct a new registry without all of the extraneous crud such as hidden Babylon entries? Bill Bos
An Early Look at the Impact of MSRT on Zbot
MSRT is Malicious Software Removal Tool. Remember those Tuesday updates? This is one of them is accomplishing. An Early Look at the Impact of MSRT on Zbot An Early Look at the Impact of MSRT on Zbot - Microsoft Malware Protection Center - Site Home - TechNet Blogs
Zbot, the botnet in a box
Source - MSRT on Zbot, the botnet in a box - Microsoft Malware Protection Center - Site Home - TechNet Blogs
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 06:19.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App