Threat Description

Trojan-Spy:W32/Zbot.PUA

Details

Aliases: Trojan-Spy:W32/Zbot.PUB, Rootkit.39841, Trojan-Spy.Win32.Zbot.aovj
Category: Malware
Type: Trojan-Spy
Platform: W32

Summary



This type of trojan secretly installs spy programs and/or keylogger programs.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Trojan-Spy:W32/Zbot.PUA is notable for being specifically designed to steal SMS messages containing mobile transaction authentication numbers (mTANs), which are like single-use passwords sent by banks to their account holders' mobile phones to verify online transactions.

By stealing this information, attackers raiding an online bank account are able to perform transactions they would otherwise be unable to complete without offline authorization.

The trojan-spy first uses standard social engineering tactics (either phishing or pharming) to deceive a user into giving out the username and password for their online bank accounts. The added twist for this trojan-spy is that it also asks for the user's mobile phone details.

Based on the provided information, the trojan-spy then sends an SMS message to the user's phone, containing a link to a malicious mobile component, which we detect as Trojan:SymbOS/ZeusMitmo.A. This trojan is responsible for monitoring and stealing the SMS messages containing mTANs.

In our analysis, the mobile malware installed is a Symbian-signed file for S60 3rd Edition mobile phones. The file is named cert.sis; it may also be deceptively billed as a "Nokia Update". The mobile component has also been reported to be available in .jad files for BlackBerry devices.

This trojan-spy is also discussed in the following Labs Weblog post:





