We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
PWS:Win32/Zbot.AHL
Aliases: Trojan/Win32.Zbot (AhnLab) Trojan-Spy.Win32.Zbot.jlqp (Kaspersky) Trojan-Spy.Win32.Zbot (Ikarus) Win32.Asim.a (Rising AV) Trojan.Zbot (Symantec)
Summary
PWS:Win32/Zbot.AHL is malware that allows unauthorized access and control of your computer, and steals your valuable information, such as passwords. PWS:Win32/Zbot.AHL is created by kits known as "Zeus" which are bought and sold on the Internet black market.
PWS:Win32/Zbot.AHL is widespread. It can be distributed and installed on your computer in several different ways, including:
- Downloaded by other malware such as Win32/Bredolab, Win32/Kelihos, Win32/Waledac, Exploit:Win32/CplLnk, and variants of Win32/Cutwail.
- Downloaded as a payload for exploit kits such as blackhole (we detect this as Blacole), and for exploits including Exploit:Java/CVE-2012-0507, Exploit:Java/CVE-2012-1723, Exploit:Java/CVE-2013-0422, and Exploit:Win32/Pdfjsc.
- Spammed out attached to email
Visit the Win32/Zbot family description for more details.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
