The Zeus Trojan (Zbot) is a specific Trojan virus that targets Windows computers to extract sensitive financial information. A Zbot achieves this through Man-in-the-browser (MitB) attacks, keystroke logging (keylogging), form grabbing,. Zbots are also able to launch CryptoLocker ransomware attacks.
Zbots are deployed as mail spam, through malicious social engineering and via insertion of itself into legitimate product downloads (aka drive-by download attack). Once downloaded, it creates a backdoor into the machine and creates a way into the larger network.
Zbots have typical uses often targeting financial services, with individual coordinated attacks resulting in the theft of tens or hundreds of millions of dollars. An active Zbot inspects the host for email usernames and passwords of account holders and financial information that correlates to the credentials. Once it locates and collects what it is seeking, the Zbot sends it to a hacker’s remote location where the information is used for account takeover (ATO) and other forms of financial fraud and similar abuses.
“Windows admins need to be wary of the Zeus Trojan, or Zbot. It’s a rather nasty virus that targets Windows computers, to extract financial and user information for nefarious purposes.”