Description

ZeuS (also known as Zbot) is a Trojan bot that steals user information, such as banking information and credit card numbers, and sends it back to its controllers. It also creates a backdoor to facilitate later access.

Symptoms

Some possible symptoms include, but are not limited to:

  • Unknown emails reaching the victim's inbox with links or attachments to malicious sites or programs
  • Creation of a copy of itself inside the user's Application Data folder
  • Creation of a configuration file inside the user's Application Data folder
  • Windows registry keys, subkeys and entries created or modified

Analysis

A ZeuS infection will commonly contact a Command & Control server for commands and can perform additional tasks such as downloading and executing additional files.

ZeuS also monitors and intercepts web traffic on the victim's machine and can inject additional fields into webpages, which lets the attacker gather more information about the victim.

Instructions

Manual removal of this malware is not recommended. Fortinet recommends that you remove this threat by running a complete scan of your system using FortiClient Endpoint Protection.
