Attack of Zeus, Win32/Zbot – Malware/Trojan Horse

We have noticed an uptick of inquires on our site about the Trojan Horse Zues Win32/Zbot. This bot was originally discovered in January 2010 but appears to be rearing its ugly head again with a vengeance. Zeus is a banking malware trojan, and specializes in stealing personal information (passwords, account information, etc) from interactions with banking sites through the use of “formgrabs”. This generally means that this trojan is distributed through spam campaigns and drive-by downloads form the web.

Now that a computer(s) has been infected on your network the trojan really gets to work. The bot will then attempt to send out infected emails without being detected. This will more than likely cause your mail server IP to become listed on the CBL Blacklist.

Now you may be asking yourself: How did I get infected when I have Anti-Virus on all machines and am blocking Port 25 traffic on my email server? You have done the majority of the work to protect yourself by locking the front door (Anti-Virus) and the back door (block Port 25), but you may have unknowingly left the window open (Web Filtering). With up to 85% of malware now distributed via the Web, proactive Web security is a necessity.

MxToolbox has partnered with Webroot (May 2010 Newsletter) to offer Web Filtering to protect your network from attacks through the web browser. Our Total Security Solution includes Business Email Perimeter Security in combination with Web Security to provide additional layers of protection to combat Email and Internet threats. Webroot eliminates spyware and viruses with best-of-breed scanning engines and offers a 100% guarantee. In addition to protecting against malware you have the ability to enforce web access policies across your entire organization or specific to groups of employees and generate detailed reports of Internet browsing over time.

Vulnerability Scanning and Spyware Detection

Webroot is the only Web Security Service to include Vulnerability Scanning, which is an extra layer of protection. This tool scans endpoints directly from the Desktop Web Proxy (DWP) to identify known vulnerabilities including operating systems, browser versions, media players, office programs, and other installed software

If you are interested in speaking to one of our web security experts to learn more about our Total Security offering please feel free to contact us at 866-mxtoolbox or at

Additional Resources


1 thought on “Attack of Zeus, Win32/Zbot – Malware/Trojan Horse

Leave a Reply