Alerts

ZeusBot metamorphoses into Internet Antifraud Department

Inboxes struck by Trojanized bolts of lightning

Have you ever heard of that prank about The End of the Internet? A mere invention, that innocent page displays a message announcing users that the site they are looking for “is not experiencing technical difficulties, it is simply the end of the Internet”.

Another work of fiction – Internet Antifraud Department – seems to be the sender behind one of the large spam waves we detected lately. However, it invites recipients to a destination less amusing – ZBot.Trojan Olympian peaks.

ZeusBot Zeus Bot

Failed logon attempts, issues with your bank account and any other e-banking misfortunes one could imagine plus a shortened URL should be enough to drive fleeceable users towards pages serving one of the most deceitful breeds of malware.

And yes, once on that page, this time could be the end of the Internet – at least for those machines not protected by a comprehensive security solution. Because ZBot likes to mess with the system processes and “remove some bricks” from the Microsoft® Windows® Firewall, providing thus backdoor capabilities. Meanwhile, it also sends sensitive information and eavesdrops on several ports for possible commands from the remote attackers.

The latest variants are also able to steal bank-related information, login data, history of the visited Web sites and other details the user inputs, while also capturing screenshots of the compromised machine’s desktop.

Few words of advice – send Internet Antifraud Department’s unsolicited messages to the oblivion by hitting that tinny Delete button on the upper-right corner of your keyboard and don’t click any link displayed in the spam. To make sure your system is clean, do a quick check, by running Quick Scan, BitDefender’s free in-the-cloud solution.

This article is based on the technical information provided courtesy of Daniel Dichiu, BitDefender Online Threats Researcher.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Răzvan LIVINTZ

With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.