Trojan.Zbot!gen4 is a generic detection technology to identify computer threats that belongs to Trojan.Zbot family. Files detected as Trojan.Zbot!gen4 are considered malicious and poses security risks on computer and its network environment. The Trojan uses social engineering a lot to spread itself on computers via the Internet. It continuously updates itself and propagates as spam email messages containing latest news and events.

Also Identified As:
Trojan-Spy:W32/Zbot (F-Secure), PWS-Zbot (McAfee), Trojan-Spy.Win32.Zbot (Kaspersky), Win32/Zbot (Microsoft), Troj/Zbot-LM (Sophos), Troj/TDSS-BY (Sophos), Troj/Zbot-LO (Sophos), Troj/Buzus-CE (Sophos), Sinowal.WUR (Panda Software)

Damage Level: High

Systems Affected: Windows 9x, 2000, XP, Windows Vista

The Trojan immediately identifies the current privilege on the target computer. For user that is logged-in with ordinary privilege, Trojan will place its files under %UserProfile%\Application Data folder. While if target has administrative privilege, files are dropped on %System% folder.

When Trojan.Zbot!gen4 is installed, it communicates to Command and Control server (C&C) and download configuration file and receive supplementary instructions.

With its backdoor capabilities, Trojan.Zbot!gen4 can perform malicious actions on the infected computer including the following:

  • Make system unstable by deleting system and driver files
  • Disable access to certain web site by blocking specific URL
  •  Modify Internet browser’s default home page to redirect user to unsolicited web page
  • Execute or upload local files
  •  Download and execute additional malicious files from a remote location

Trojan.Zbot!gen4 spreads in various methods and one of which is through spam email campaign. The email will consists of interesting message that pretends to be from an established company like Microsoft, FaceBook, Yahoo, or Google. There are also instances that email arrives with appealing subjects that involve celebrities, politician and recent events.

Additionally, drive-by-download method may drop this Trojan on computers anonymously when gullible user visits an unfamiliar web site. The method will exploit vulnerabilities that are commonly discovered on outdated Internet browser and security holes.

Leave a Reply

Your email address will not be published. Required fields are marked *