Zbot continues to make its rounds in full force for 2014

It’s almost no surprise that the world's most popular bank information stealing trojan is back for 2014, and now it's using a few new tricks.

The new attack emails use something call I like to call a Stactic (scare tactic), and are coming from what appears to be large law firms throughout the country. The email intends to confuse the reader by calling for an appearance in court as a defendant in a pirated software case. Example:

Previous Zbot attacks did not trigger a visible event when the victim opened the message. The trojan would infect the system and render it vulnerable to every possible hijack, but the user would never see anything on the screen.

The new Zbot attack issues this “error” message:

This message attempts to distract the user from what is really happening in the background. It's amateurish, but it could be enough to keep some users from investigating further.

After a successful installation, Zbot begins monitoring computer behavior for visits to financial institutions. If the malware detects a bank, credit union, or other viable target, it will then monitor keystrokes and take screen shots in order to capture the relevant credentials.

As always, you should not open an email if you are unfamiliar with the sender or if it looks suspicious in any way. If you notice something suspicious, you should delete the message, mark it as spam, or consult with someone in tech support. In this case, you can be sure that if you are really being called in to court, you will receive more than an email.

Barracuda Real Time Protection System protects against these emails and the malware destination/control servers.

Barracuda Spam and Virus Firewall