Zbot is an information-stealing Trojan that is delivered inside a PDF document. Once the infected PDF is saved on the computer, nothing more is needed from the user than opening it: the Trojan then starts executing malicious code and can send information to a remote server. This kind of Trojan appears to send the information to a remote server located in China.
If a PDF carries this Trojan and the user downloads it, the user is prompted to save a file named “Royal_Mail_Delivery_Notice.pdf”. After this file is saved, the original file is saved as well, and if you open the PDF the Trojan starts executing.
The Zbot trojan creates a subdirectory under %SYSTEM32% with the name “lowsec” and drops the “local.ds” and “user.ds” files. It also drops an executable “sdra64.exe” and modifies the registry entry “%SOFTWARE%\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit” to launch itself during system startup. When it runs, it injects malicious code into the Winlogon.exe instance in memory.
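A defender can turn the artefacts listed above into a quick triage check. The following is an added example, not code from the original article: the function names are hypothetical, it assumes “sdra64.exe” sits directly in the system32 directory passed in, and it treats any Userinit entry other than userinit.exe as suspicious.

```python
import ntpath
import os

# Artefact names taken from the article text.
DROPPED_DIR = "lowsec"
DROPPED_FILES = ("local.ds", "user.ds")
DROPPED_EXE = "sdra64.exe"  # assumption: dropped directly under system32


def check_userinit(value):
    """Return every entry of a Winlogon Userinit value that is not userinit.exe.

    The value is a comma-separated list of programs started at logon.
    Only the file name is compared, not its directory.
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if entry and ntpath.basename(entry).lower() != "userinit.exe":
            extras.append(entry)
    return extras


def _find(directory, name):
    """Case-insensitive lookup of name in directory; full path or None."""
    try:
        for entry in os.listdir(directory):
            if entry.lower() == name:
                return os.path.join(directory, entry)
    except OSError:
        pass
    return None


def check_files(system32):
    """Return the paths of the dropped artefacts found under system32."""
    hits = []
    lowsec = _find(system32, DROPPED_DIR)
    if lowsec and os.path.isdir(lowsec):
        hits.append(lowsec)
        hits += [p for n in DROPPED_FILES if (p := _find(lowsec, n))]
    exe = _find(system32, DROPPED_EXE)
    if exe:
        hits.append(exe)
    return hits


if __name__ == "__main__":
    # Constructed sample value: a Userinit entry with an extra program appended.
    sample = "C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\sdra64.exe,"
    print("Unexpected Userinit entries:", check_userinit(sample))
```

Pass `check_files` the system32 directory of a mounted disk image, and `check_userinit` the Userinit string exported from the registry hive.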
Thus Zbot acts as a back door that gives remote computers full access to your machine, and it also acts as a front gate through which spyware and adware can get onto the machine.
The concept of the attack is old: spread a virus with the help of exe files, or files with some other extension. The same methodology is used here, but PDF files are used to spread the virus instead of exe files. The main drawback is that the user need not even click on anything; it is enough to open the PDF file. This is more or less similar to a worm; the only difference is that a worm spreads on its own, whereas to spread this kind of virus the user has to open the PDF file.
Earlier, the virus was spreading with the help of Acrobat software, the software used to create PDF documents. Most importantly, it is also possible to hack your computer with the help of Acrobat Reader. If a PDF file carries a virus, it can install bad software on your system, after which the system information and all other details can easily be stolen from your personal computer or laptop.
McAfee has also released some patches to identify this virus and destroy it, but not to the full extent.