Click Here for Wikipedia Definition of Malware

Background

Win32/Zbot is a family of password-stealing trojans that contain backdoor functionality which allows attackers to control infected computers remotely through illicit networks called botnets.
The Win32/Zbot family warranted a close examination because of evidence that its presence on the World Wide Web was increasing. This family of botnets first drew attention in press and media when Win32/Zbot was detected1 in mid-2007 attacking the U.S. Department of Transportation.

The botnet world is divided between bot families that are closely controlled by independent groups of attackers and those that are created through malware kits. These kits are collections of tools, sold and shared within the malware underground, that enable aspiring botnet operators, or bot-herders, to assemble their own botnets by creating and spreading malware variants. Win32/Zbot is a kit-based family; its variants are built using a malware kit called Zeus. Although security professionals and news accounts often make reference to the Zeus botnet, it’s important to realize that computers infected with Win32/Zbot do not all belong to a single large botnet, but instead many smaller independently controlled botnets that are controlled by many bot-herders.

Functionality

From its first releases in late 2006 and early 2007, Win32/Zbot included a number of functions and behaviors that often indicate professionally developed malware. These functions and behaviors include:

• Process injection, in which the malware runs within a process spawned by a legitimate program or operating system component in an effort to avoid detection.
• Encryption of stolen data using strong encryption.
• Multi-process interconnectivity, in which the malware persists across all Windows processes using a Mutex to coordinate threads.
• API hooking to intercept browser information. Rather than use a keylogging mechanism, Win32/Zbot interfaces directly with popular browsers to monitor traffic and information.
• Custom-engineered packer and obfuscation techniques to evade detection by security software.
• Easy-to-use interfaces for installing, configuring, and using the Win32/Zbot builder and server components of the Win32/Zbot kit.

Check out this page on
Microsoft.com:http://www.microsoft.com/security/sir/story/default.aspx?section_4_5

Last night at home, we received an out of area call from someone
presenting to be from Microsoft advising us that our home computer had a
virus that was sending out all of our personal information, including
banking, etc. to various locations on the internet. He said that he had
been instructed to call us immediately so he could take care of the virus
and “fix” our problem. He was very difficult to understand, but he asked us
to log in to our computer and allow him access so he could take care of
this. O course, we refused to do this, but it did concern me.
We contacted Charter to see if there were any problems and told them of
the call. To make a long story short, they said it was a “phishing” scam
and they were trying to get access to our computer. Microsoft would never
contact us, we would have to contact them.
Beware! We have been receiving this call for about two weeks now,
various times during the day and evening and sometimes when we answer, they
say “hold for an important message” and we just hang up. This time we
picked it up before caller id had time to come up and we got the call
immediately. I worry about teens that answer the phone and may not realize
it is a scam. Pass this along to anyone that may fall prey to a very
convincing Phish line.

—- BEWARE OF ALL THESE SERVICE FRAUDS. DEAL WITH PEOPLE YOU CAN GO VISIT.
My personal rule of thumb is “if i can’i shake your hand at some point, you
can’t do any work for me”.

—DOC

Click on the REGISTER link here or at left side near bottom,  join the team then start saving and helping others!

Members will be getting some special offers as we develop this site. Discount service cupons, free service rewards and much more.

JOIN NOW TO GET STARTED!

Typically, rogue anti-spyware such as AntiVira AV has one or more of the
qualities listed below, which is why rogue anti-spyware is considered
anti-spyware software of questionable value.

False positives/fake alerts: Rogue anti-spyware may produce a large number
of false positives or use fake alerts, noting that your computer is infected
with spyware parasites or other threats that do not really exist.

Copycat looks: Rogue anti-spyware may copy the look and feel of other
legitimate or rogue anti-spyware applications. Often, rogue anti-spyware
applications may appear as close clones of other rogue anti-spyware
software.

High pressure marketing: Rogue anti-spyware may use scare tactics or other
aggressive advertising and marketing tactics to try to trick you into buying
the rogue anti-spyware application. Often, rogue anti-spyware may produce
false positives and fake alerts about your computer being infected.

Poor detection/scan reporting: Rogue anti-spyware may produce poor reports
when it scans your PC. For example, rogue anti-spyware may say your computer
is infected 11 parasites, but not specify which spyware parasites or what
type of parasites. Rogue anti-spyware may also report that your PC is
infected with trojans or malware but not tell you which related files, DLLS,
etc. were found on your computer.

Weak scanning/detection: Rogue anti-spyware may not only poorly report on
computer infection, but rogue antispyware may also poorly scan your PC.
Rogue anti-spyware may skip over important folders and files of your
computer that should be scanned to detect spyware.

Did AntiVira AV use these tactics to trick you into buying AntiVira AV?
Let me explain some definitions related to AntiVira AV.

AntiVira AV May Be Rogue Anti-Spyware
Rogue anti-spyware refers to anti-spyware/antivirus software of questionable
value. Rogue anti-spyware may not be proven to protect your computer from
spyware, may popup fake alerts or create many false positives about your PC
being infected, or may use scare tactics to try to get you to purchase the
application. Rogue anti-spyware software may be installed by a Trojan, come
bundled with other software, or install itself through web browser security
holes. While it is fairly rare, some rogue anti-spyware is created and
distributed by known spyware or adware companies, and the rogue anti-spyware
may install spyware or adware itself.
Often when you’re infected with rogue anti-spyware like AntiVira AV, you’ll
see a false popup security alerts beside your clock (your notification icon
area) and the rogue will re-install itself after reboot even after you think
you have removed it completely.
–DOC

Doc