Zbot Trojan uses pdf in taking full control of computer


Zbot is an information-stealing Trojan that can use any document as its carrier. Once the document is saved on the computer, nothing more is needed than for the user to open the PDF: the Trojan starts executing malicious code and can send information to a remote server. This kind appears to send the information to a remote server located in China.

If a PDF carries this Trojan and the user downloads it, the user is prompted to save a file named “Royal_Mail_Delivery_Notice.pdf”. After this file is saved, the original file is saved as well, and when the PDF is opened the Trojan starts executing.

The Zbot trojan creates a subdirectory under %SYSTEM32% with the name “lowsec” and drops the “local.ds” and “user.ds” files. It also drops an executable “sdra64.exe” and modifies the registry entry “%SOFTWARE%\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit” to launch itself during system startup. When it runs, it injects malicious code into the Winlogon.exe instance in memory.
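The artifacts listed above can be turned into a simple host check. The following is an added example, not part of the original post: the function names and sample data are constructed, and it assumes a clean Userinit value lists only userinit.exe and that the system directory is named system32.

```python
import ntpath

# Indicators taken from the description above.
DROP_DIR = ("system32", "lowsec")
DROP_FILES = {"local.ds", "user.ds"}
DROPPED_EXE = "sdra64.exe"
STOCK_USERINIT = "userinit.exe"  # assumption: only entry on a clean system


def parse_userinit(value):
    """Split the comma-separated Userinit value into program paths."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]


def check_userinit(value):
    """Flag Userinit entries that are not the stock userinit.exe."""
    findings = []
    for entry in parse_userinit(value):
        name = ntpath.basename(entry).lower()
        if name == DROPPED_EXE:
            findings.append(("zbot-userinit", entry))
        elif name != STOCK_USERINIT:
            findings.append(("unexpected-userinit", entry))
    return findings


def check_paths(paths):
    """Flag the lowsec drop files and the dropped executable in a file listing."""
    findings = []
    for path in paths:
        parts = tuple(x.lower() for x in path.replace("/", "\\").split("\\") if x)
        if parts[-3:-1] == DROP_DIR and parts[-1] in DROP_FILES:
            findings.append(("zbot-dropfile", path))
        elif parts and parts[-1] == DROPPED_EXE:
            findings.append(("zbot-exe", path))
    return findings


# Constructed sample data (not captured from a real host).
CLEAN_USERINIT = r"C:\Windows\system32\userinit.exe,"
MODIFIED_USERINIT = r"C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,"
SAMPLE_PATHS = [r"C:\Windows\system32\lowsec\local.ds",
                r"C:\Windows\system32\lowsec\user.ds",
                r"C:\Windows\system32\notepad.exe"]

if __name__ == "__main__":
    for finding in check_userinit(MODIFIED_USERINIT) + check_paths(SAMPLE_PATHS):
        print(finding)
```

On a live Windows host, feed `check_userinit` the Userinit value read from the Winlogon key and `check_paths` a recursive listing of the system directory.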

Zbot thus acts as a back door that gives some remote computers full access to your machine, and as a front gate through which spyware and adware can get onto it.
