New ZBOT variant embeds connection logic into infected files
A new ZBOT variant now uses a file infector approach to embed connection logic into infected executable files. When these infected executable files are run, it will attempt to connect to a malicious server and download even more malware agents.
ZeuS/ZBOT Tries Out File Infection
QUOTE: ZeuS/ZBOT is best known for its information-stealing routines via the use of configuration files downloaded from their home sites. They are created using toolkits that allow remote control of the malware. Getting them to infect target systems is the tricky part. Cybercriminals have thus tried utilizing drive-by downloads, spammed messages, worm propagation, and many more ways. This time, they are trying out file infection.
The malware detected by Trend Micro as PE_ZBOT.A injects code into target files and modifies its entry point to redirect to its code. This allows the malware to run its code whenever the infected file is executed. It then attempts to connect to the remote sites from which it downloads and executes malicious files that allow it to steal information from an affected system.