System Infected: Trojan.Zbot HTML injection

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

Zbot P2P communication has been blocked. It is recommended that you update your virus definitions and run a full system scan as a precautionary measure.

Additional Information

This signature is designed to detect Zbot attempting to contact other infected peers. This Trojan has primarily been designed to steal confidential information from the computers it compromises. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. This is done by tailoring configuration files that are compiled into the Trojan installer by the attacker. These can later be updated to target other information, if the attacker so wishes.

Affected

  • Windows

Response

It is recommended that you perform some of the following actions as a precautionary measure:

  • Run the Norton Power Eraser (home users).
  • Run the Symantec Power Eraser (business users).
  • Update your product definitions and perform a full system scan.
  • Submit suspicious files to Symantec for analysis.

If you believe that the signature is reported erroneously, please read the following:
Report a potential false positive to Symantec.