Avoid TROJ_ZBOT.AXY: Don’t Click On Eye-Catching Links!

The world is still obsessed with the death of Michael Jackson. Many new things concerning both the life and death of the King of Pop are being revealed each day. Some of them are real, some - just fake imitations of important news events. However, you may be almost sure that anything you find in your inbox promising Michael Jackson's videos or pictures after just a click on the link or attachment provided, is a mere cyber criminal attack. This time the TROJ_ZBOT.AXY Trojan is being spread via fake spam messages purportedly providing answers to the question, who really killed Michael Jackson?

The attack starts with a simple email message with the subject line "Who killed Michael Jackson?" purportedly being sent from a sender named x-files. Below you can see a sample of the fake email message:

Table 1.  Fake message

After clicking on the provided link users are navigated to a remote website. This site then asks potential victims to download an executable file which purportedly includes secret information about the murder of Michael Jackson. However, don't allow your curiosity to trick you. This file gives you nothing more than a data-stealer identified as TROJ_ZBOT.AXY (no alias names have yet been detected).

When executed, TROJ_ZBOT.AXY drops a copy of itself in the system folder and creates a folder with attributes System and Hidden. Non-malicious files are then dropped there. This malware also downloads a configuration file which contains information on where to send stolen data and a list of banking-related websites from where it steals information. The whole process is then rather simple. When the victim visits any of the sites on the list, a spoofed site is displayed instead of the real one. As a result, any information provided by the user will be immediately sent to the cyber criminals.

Therefore, stay alert and watch out for fake messages. Don't allow hackers to steal your personal and financial information because you will really go through a lot of trouble while trying to get it back. Spammers and other cyber-criminals are becoming more and more creative in their malicious schemes. We, simple users, need to be very careful and do our best to secure our computers if we don't want these criminals to gain benefits from their malicious activities.