January 5, 2011

TSPY_ZBOT.XMAS

This is a very dangerous spyware which lures the users perform tasks that may result in malicious routines or programs on their programs. It comes as a Christmas card and deceives the user that they are not accessing any malicious sites.





Effects: 

  • It downloads a configuration file from a remote URL that contains a list of online sites to monitor
  • Bypasses the Firewall which allows attackers to inject the malicious code
  • Monitors Browsing History that invokes key loggers to log the data file
  • Sends the gathered data to remote sites which helps the attacker to do malicious activities.
This Spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It may be downloaded from remote sites by other malware.
  • It modifies registry entries to enable its automatic execution at every system startup and the hosts files that will disable some sites being used by the user.
  • This will enable try to steal sensitive data like banking information, user names and passwords
  • It attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites
  • It terminates the process outpost.exe and zlclient.exe if they are existing on the system which helps it to run uninterrupted.
  • It also has rootkit capabilities, which enables it to hide its processes and files from the user.

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog

Followers

Categories

Twitter Delicious Facebook Digg Stumbleupon Favorites More