At Virus Bulletin, we presented on some of the nastiest families of 2009, and Zbot was one of them. Early Sunday morning, the ThreatFire community first started seeing a newer variant of the banking password-stealing family “Zbot” in fairly high prevalence, served from a system hosted in Sweden (83.140.191.170). This variant is interesting in that it indiscriminately targets banks all over the world: the U.S., Germany, Italy, Spain, Russia, England, Ireland, etc. (the ThreatExpert report lists the banking sites here), but the users being attacked appear to be concentrated within the U.S. for now.
As always, be sure to update third-party plugins (like Flash players and PDF readers) in addition to your system software, and add a behavioral layer of protection like ThreatFire.
