13 percent of U.S. systems infected by ZBot malware

By siliconindia   |   Friday, 15 January 2010, 18:10 IST
Bangalore: BitDefender has warned of the rapid spread of malware aimed at users of Microsoft Office Outlook Web Access. The unsolicited message directs users to "apply a new set of settings" to their mailboxes in order to complete several "security upgrades" that have supposedly been applied. The link in the e-mail leads to a Web page bearing Microsoft Office logos that instructs users to download and launch an executable file which will supposedly update their e-mail settings. Instead, they receive a potent malware cocktail, including Trojan.SWF.Dropper.E, a generic detection name for a family of Trojans sharing similar behavior: they are Flash files which usually display no meaningful images or animations but drop and execute various malware files by exploiting an Adobe Shockwave Flash vulnerability. The dropped files may change, and different variants can drop and execute different malware programs. Statistics showed a significant increase in the number of files infected with Trojan.SWF.Dropper.E: the total number of infected files increased by nearly 60 percent when comparing the first half of January to the first half of December.

The attack also included other prolific malware, among it one of the longest-lasting Trojan breeds, Trojan.Spy.ZBot.EKF, which was also used intensively in the AH1N1-related malware distribution campaign. ZBot injects code into several processes and adds exceptions to the Microsoft Windows Firewall, providing backdoor and server capabilities. It also sends out sensitive information and listens on several ports for commands from the remote attackers. The latest variants are also able to steal bank-related information, login data, the history of visited Web sites and other details the user enters, while also capturing screenshots of the compromised machine's desktop.

Exploit.HTML.Agent.AM uses Flash-object vulnerabilities that allow arbitrary code execution by loading a specially crafted Flash object into a Web page. Once an infected Web page is opened, the Trojan creates a specially crafted SWF object which allows a payload to be executed in the heap. Data provided by BitDefender's Real-Time Virus Reporting System gives an idea of how far this malware has spread: in the United States, the number of infected files increased by 10 percent in the first half of January, while Spain saw an increase of more than 400 percent compared to the second half of December. Exploit.PDF-JS.Gen is a generic detection for specially crafted PDF files which exploit different vulnerabilities in Adobe PDF Reader's JavaScript engine in order to execute malicious code on the user's computer.
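The Outlook Web Access lure described above, as an added mail-filtering example that is not part of the original article or of BitDefender's tooling: a Python check that flags a message only when the lure's "settings update" and "security upgrades" phrasing is combined with a link pointing straight at an executable. The phrase list, the `.invalid` domains and the sample message are constructed for illustration.

```python
import email
import re
from email import policy

# Phrases from the lure the article describes (an OWA "settings update"
# justified by "security upgrades"), as case-insensitive regexes.
LURE_PHRASES = (
    r"outlook web access",
    r"new set of settings",
    r"security upgrades?",
    r"update .{0,40}(e-?mail|mailbox) settings",
)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
EXE_RE = re.compile(r"\.(exe|scr|com|pif|bat)(\?|$)", re.IGNORECASE)


def message_text(msg):
    """Subject plus the body of every text part of a parsed message."""
    parts = [msg["subject"] or ""]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            parts.append(part.get_content())
    return " ".join(parts)


def score_owa_lure(raw_message):
    """Return (verdict, reasons) for a raw RFC 822 message: True only when
    at least two lure phrases appear and a link points straight at an
    executable, the combination the article's lure relies on."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    text = message_text(msg)
    phrase_hits = [p for p in LURE_PHRASES if re.search(p, text, re.IGNORECASE)]
    exe_links = [u for u in URL_RE.findall(text) if EXE_RE.search(u)]
    reasons = ["lure phrase: " + p for p in phrase_hits]
    reasons += ["executable download link: " + u for u in exe_links]
    return bool(exe_links) and len(phrase_hits) >= 2, reasons


# Constructed sample message (hypothetical .invalid domains, not real indicators).
SAMPLE_LURE = """\
From: helpdesk@example.invalid
To: user@example.invalid
Subject: Outlook Web Access settings update
Content-Type: text/plain; charset=us-ascii

Several security upgrades have been applied to your mailbox.
Please apply a new set of settings by running the update tool:
http://owa-update.example.invalid/settings-update.exe
"""
```

Requiring both the phrasing and the executable link keeps legitimate helpdesk mail that links to a settings page from being flagged.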