Warning from Web Security Lab- PDF file in your email can be a Trojan

The Websense Security Labs has revealed that a Zbot Trojan campaign is spreading through emails which connect the PC to a nasty remote server in China. Around 2,200 messages have been reported till date.

Zbot commonly referred as Zeus steals the information about confidential data from every infected computer.

It makes use of malicious PDF file that consists of the threat as an attachment which when opened asks to save a PDF file called Royal_Mail_Delivery_Notice.pdf. The recipient saves it in personal computer believing it to be general file which is actually a file with virus that takes control over the computer.

The Zbot Trojan makes a subdirectory under %SYSTEM32% with name as “lowsec” and drops the “local.ds” and “user.ds” files that are configuration files for the virus. It also drops an executable “sdra64.exe” and modifies the registry entry “%SOFTWARE%\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit” to launch itself during system startup. While running, it inputs the malicious code into the Winlogon.exe instance in memory connecting to the remote sever in China using an IP address of 59.44.[removed].[removed]:6010.

So update the anti-virus in your PC so as to keep it Trojan free.