Couple arrested in connection with Zbot Trojan horse


A man and a woman have been arrested in Manchester by officers of the Greater Manchester Police and Metropolitan Police Central e-Crime Unit (PCeU) in connection with the Zbot family of Trojan horses.

Zbot is one of the most notorious pieces of malware of recent times. It's a data-stealing Trojan horse, designed to grab information from internet users which would help hackers break into online bank accounts and social networking sites such as Facebook and MySpace.

Of course, once a hacker has your bank account information they can log in and potentially transfer money to other accounts. If they break into your Facebook page they could use that to spread spam and phishing messages to the compromised account's online buddies.

Typically, versions of the Zbot Trojan horse have been spammed out to unsuspecting internet users, using a variety of social engineering tricks to fool the unwary into opening an attachment or clicking on a link to a website hosting malware.

A Zbot attack posing as an email from the IRS

One of the most recent Zbot-related attacks involved an email claiming to come from Vodafone or Verizon Wireless, saying that the recipient's credit balance was over the limit. Running the attached "Balance Checker Tool" infected the user's computer with a version of the Trojan horse.

Bogus email claiming to come from Verizon Wireless

But there's something else that Zbot does, and the clue is in the "bot" part of its name. Zbot hijacks your computer, making it part of a criminal botnet. Hackers control thousands of compromised computers around the world - using them as a zombie army to spew out spam, spread more malware and launch denial-of-service attacks.

It's worth bearing in mind, of course, that although the arrests have been in the UK, the Zbot family of malware is a problem that has been hitting computer users around the world - it is truly a global threat.

Zbot (also known as Zeus) is a significant malware family - the many different variants of the Trojan in existence have been distributed in a variety of different disguises. If the police have made a positive step in unravelling one of the gangs behind Zbot infections then that's good news for everyone interested in making the internet a safer place - but there are plenty of other bad guys out there spreading strains of the malware.

The names of the two people arrested under the Computer Misuse Act 1990 and the 2006 Fraud Act have not been released, but it is known that both are 20 years old. They have now been released on bail pending further enquiries.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.