cancel
Showing results for 
Search instead for 
Did you mean: 

Zeus or Zbot trojan

I haven't found anything on the McAfee site about the Zeus or Zbot trojan that peaked in mid November.  I read about it in the Costco newsletter and read a detailed document on the Norton site.  I got an email message on webmail that was reportedly by the IRS.  I checked the links and they seemed ok, but I don't think that I actually followed the links.  The Norton document says to run their scanner and it will find and remove the trojan.  I need to know whether McAfee will recognize and remove it.  This is a nasty trojan that captures security codes and passwords.  It has an install kit that makes it easy for people to set up and send out, so there can be many variations.

3 Replies
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Zeus or Zbot trojan

Moved to General Malware Discussion.

If you use the search function on the Threat Center's website for Zbot it comes up with dozens of responses under the heading PWS-Zbotxxxx  where xxxx is variable.

Each anti-malware software maker names these things differently.

http://vil.nai.com/vil/default.aspx

Likewise a search for Zeus brings up numerous hits.

Do you need help removing this or are you OK and merely asking about it?

Message was edited by: Ex_Brit on 12/1/09 10:50 AM

Re: Zeus or Zbot trojan

As far as I know, I am not infected.  I ran a full scan yesterday and it did not show up.  I just asked about it because I needed to know whether the McAfee scan would find it.  Every thing I read aout it says that it is not detectable by virus scan programs.  I received a bogus email mid November from the "irs" and do not think I followd the link.  I just wanted to verify that I was not infected.

Highlighted

Re: Zeus or Zbot trojan

Hello,


We are indeed aware of it and have been tracking it's variations as well.  Based on our description, it had been added since December 19, 2007.  Also, it has recently been Low-Profiled for being used in an airline ticket scam.


Here is the description on this malware:  http://vil.nai.com/vil/content/v_143802.htm

You can also read the research paper we have related to Zbot in which we discuss the business behind these password stealers:

http://www.avertlabs.com/research/blog/index.php/2009/09/24/inside-the-password-stealing-business/

Hope this helps.


Cheers,
Vu.

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.