This month, the MSRT team has added detection and removal for Zbot, one of the most widely known active botnets today. Although the malware itself is quite complex and varied, the technical acumen required to use and distribute it is actually quite low. Toolkits to create the malware are easily attainable and quite simple to use, as the following screenshot shows.

Underground forums are teeming with questions ranging from the very basics about configuring the malware to people boasting about the size of their botnets. Even the botnet controllers are themselves quite varied, from apparent hobbyists to those that likely have more nefarious intent.

This family is quite prolific even if the intent behind some of the botnets is unclear. That said, we find ourselves knocking on Zbot’s door this month, and we’re glad we are. Zbot is the latest addition to MSRT’s ever-growing list of malware, and we hope to continue protecting the Windows ecosystem with this new family firmly in our sights.

Matt McCormack
MMPC Melbourne, Australia