Password stealing trojan on the loose

Security experts at MicroWorld have reported an alarming increase in the number of infections caused by the ZBot-D Trojan. The ZBot-D Trojan, also known as ZBot, first surfaced in February 2008 and spreads mostly via email. It can easily disable the firewall, steal financial data, and give the hacker remote access to the infected system. ZBot has been craftily designed to perform multiple malicious activities at the same time.

It can modify system files, create new system processes and automatically delete cookies in the Internet Explorer URL cache, so that keystrokes are recorded and sent to the botnet herder when unsuspecting users enter their passwords on online banking websites.

Once a user opens a ZBot-infected email, a file named “ntos.exe” is automatically installed in the system folder; it adds entries to the registry so that the Trojan is invoked automatically at system startup. The Trojan then wreaks havoc on the system: it forwards personal details to remote websites, where they are used by hackers and botnet herders and in turn sold to criminals for financial gain. It also floods the inbox with spam and turns the infected machine into a zombie computer, a member of a botnet.

The botnet controller then uses the zombie machines for criminal activities such as coordinated DDoS attacks and spamming.
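For defenders, the startup persistence described above can be checked from a registry export. The following is an added example, not code from MicroWorld or the original article: it scans "reg export" text for autostart values that reference the “ntos.exe” file name. The article does not name the registry keys involved, so the keys scanned are common Windows autostart locations chosen as an assumption, and the sample export is constructed.

```python
import re

INDICATOR = "ntos.exe"  # file name reported in the article
# Assumption: common Windows autostart keys; the article does not name the keys used.
AUTOSTART_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
    r"\microsoft\windows nt\currentversion\winlogon",
)
# Match the file name only as a whole path component, case-insensitively.
NAME_RE = re.compile(r"(?<![\w.\-])" + re.escape(INDICATOR) + r"(?![\w.\-])", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in "reg export" text format (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\system32\\NTOS.EXE"
"Notes"="C:\\Tools\\mintos.exe /tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,"

[HKEY_CURRENT_USER\Software\Example\RecentFiles]
"1"="C:\\Samples\\ntos.exe"
'''

def unescape(s):
    """Undo the backslash escaping used inside .reg string values."""
    return re.sub(r"\\(.)", r"\1", s)

def find_autostart_hits(export_text):
    """Return (key, value name, data) for autostart values that reference INDICATOR."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember the key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue  # not a string value, or not under an autostart key
        data = unescape(m.group(2))
        if NAME_RE.search(data):
            hits.append((key, unescape(m.group(1)), data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_autostart_hits(SAMPLE_EXPORT):
        print(f"{key} :: {name} = {data}")
```

Only plain string values are parsed; hex-encoded values in an export (for example expandable strings) are skipped, and a real export file is usually UTF-16 and must be decoded before it is passed in.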
