Bitdefender labs have just stumbled upon a website that presents extreme dangers to users, infecting systems with Zbot.
Figure: Infected page redirecting the user towards another compromised Internet location
The second HTML page (Trojan.HTML.Downloader.Agent.NBF) the user finally reaches embeds a Java applet (Exploit.Java.CVE-2010-0840.P), a front for a well-known exploit (CVE-2010-0840) which is now used to download and install a Zbot variant (Trojan.Zbot.HTQ) on the compromised systems.
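As an added illustration (not Bitdefender's code or tooling), the chain described above, a page that redirects to a second page embedding a Java applet, can be triaged offline with a short Python scanner. The page HTML, host names and file names are constructed samples, and `PageScan`, `trace` and `SAMPLE_PAGES` are hypothetical names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)")  # heuristic only

class PageScan(HTMLParser):
    """Collect redirect targets and Java applet embeds from one HTML page."""
    def __init__(self, base_url):
        super().__init__()
        self.base, self.redirects, self.applets = base_url, [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/page"
            target = a.get("content", "").partition("=")[2].strip(" '\"")
            if target:
                self.redirects.append(urljoin(self.base, target))
        elif tag in ("iframe", "frame") and a.get("src"):
            self.redirects.append(urljoin(self.base, a["src"]))
        elif tag == "applet":
            self.applets.append(a.get("archive") or a.get("code") or "(unnamed)")
        elif tag in ("object", "embed") and "java" in a.get("type", "").lower():
            self.applets.append(a.get("archive") or a.get("src") or "(unnamed)")

    def handle_data(self, data):  # script bodies arrive here as text
        for target in JS_REDIRECT.findall(data):
            self.redirects.append(urljoin(self.base, target))

def trace(start, pages, max_hops=5):
    """Breadth-first walk of `pages` (url -> html); return (path, applets) or ([], [])."""
    queue, seen = [(start, [start])], {start}
    while queue:
        url, path = queue.pop(0)
        if url not in pages or len(path) > max_hops + 1:
            continue
        scan = PageScan(url)
        scan.feed(pages[url])
        if scan.applets:
            return path, scan.applets
        for nxt in (r for r in scan.redirects if r not in seen):
            seen.add(nxt)
            queue.append((nxt, path + [nxt]))
    return [], []

# Constructed sample pages (not taken from the incident described above).
SAMPLE_PAGES = {
    "http://landing.example.test/": '<meta http-equiv="refresh" content="0; url=http://second.example.test/x.html">',
    "http://second.example.test/x.html": '<applet code="Loader.class" archive="pkg.jar" width="1" height="1"></applet>',
}
```

`trace("http://landing.example.test/", SAMPLE_PAGES)` returns the redirect path together with the applet archive found at its end, which is the pair an analyst would review or block.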
Zbot, a.k.a. Zeus, ZeusBot or WSNPoem, is a banker Trojan rigged with backdoor and server capabilities, known to collect bank-related information, login data, the history of visited Web sites and other sensitive details from its victims. Some versions may even snatch screenshots of the compromised machine’s desktop.
Those not protected by a Bitdefender product can use our free Zbot Removal Tool that checks users’ computers, detects and eliminates most Zbot variants spotted in the wild. It is available for download and use free of charge in the Removal Tools section of Malwarecity.com.
And please don’t click on just any old site that comes your way. Most importantly, if a website redirects you towards another web location, close it at once. Last but not least, keep your Java Runtime updated at all times.
This article is based on the technical information provided courtesy of Doina Cosovan, BitDefender Virus Analyst.