|22 Mar 2014||#1|
ZBOT Adds Clickbot Routine To Arsenal
The ZeuS/ZBOT malware family is probably one of the most well-known malware families today . It is normally known for stealing credentials associated with online banking accounts. However, ZBOT is no one-trick pony. Some ZBOT variants perform other routines like downloading or dropping other threats like ransomware.
We recently came across one variant detected as TROJ_ZCLICK.A, which seemingly “locks” the desktop to display websites. This kind of behavior is out of the ordinary for a ZBOT variant. Once it infiltrates the system, this occurs every time the user performs any activity, such as opening a window or file. These sites occupy the entire desktop screen, hindering access to any open windows or files. There have been instances wherein the user can still see the open windows, but with the sites running in the background. Users can bypass this inconvenience by performing the “show desktop” command but the malware will continue to display windows.
|My System Specs|
|Similar help and support threads for2: ZBOT Adds Clickbot Routine To Arsenal|
|Help with Zbot infection.||System Security|
|Battling the Zbot Threat||Security News|
|Zbot, the botnet in a box||Security News|
|Zbot Desperately Seeking AIM Users.||Security News|
|Post your Security Arsenal||System Security|
© Designer Media Ltd
All times are GMT -5. The time now is 06:35 AM.