I haven't found anything on the McAfee site about the Zeus or Zbot trojan that peaked in mid November. I read about it in the Costco newsletter and read a detailed document on the Norton site. I got an email message on webmail that was reportedly by the IRS. I checked the links and they seemed ok, but I don't think that I actually followed the links. The Norton document says to run their scanner and it will find and remove the trojan. I need to know whether McAfee will recognize and remove it. This is a nasty trojan that captures security codes and passwords. It has an install kit that makes it easy for people to set up and send out, so there can be many variations.
Moved to General Malware Discussion.
If you use the search function on the Threat Center's website for Zbot it comes up with dozens of responses under the heading PWS-Zbotxxxx where xxxx is variable.
Each anti-malware software maker names these things differently.
Likewise a search for Zeus brings up numerous hits.
Do you need help removing this or are you OK and merely asking about it?Message was edited by: Ex_Brit on 12/1/09 10:50 AM
As far as I know, I am not infected. I ran a full scan yesterday and it did not show up. I just asked about it because I needed to know whether the McAfee scan would find it. Every thing I read aout it says that it is not detectable by virus scan programs. I received a bogus email mid November from the "irs" and do not think I followd the link. I just wanted to verify that I was not infected.
We are indeed aware of it and have been tracking it's variations as well. Based on our description, it had been added since December 19, 2007. Also, it has recently been Low-Profiled for being used in an airline ticket scam.
Here is the description on this malware: http://vil.nai.com/vil/content/v_143802.htm
You can also read the research paper we have related to Zbot in which we discuss the business behind these password stealers:
Hope this helps.