Yesterday, Microsoft released "Battling the Zbot Threat," a special-edition Security Intelligence Report documenting the background, functionality, prevalence and geographical distribution of the Zbot botnet.

Botnets are networks of compromised computers and pose one of the most significant threats to the online security ecosystem. Zbot is primarily used to steal financial information, including banking login credentials, from infected computers. Victims of Zbot are typically manipulated into performing actions or revealing confidential information through social engineering attacks.

Although we have had a measurable effect on the Zbot ecosystem since broadening attack efforts to include the Malicious Software Removal Tool (MSRT) in October 2010, botnets continue to be a growing problem affecting millions of customers. Microsoft remains committed to fighting these threats while providing our customers with the necessary guidance, tools and programs to stay protected every day.

The greatest asset in combating these efforts can be financial institution customers. Educate and encourage your customers to do the following in order to mitigate the risk of these threats.

  • Drive security awareness, and stay informed. Teach users to be aware of the threat landscape around them.
  • Teach users about the importance of using strong passwords for all of their online accounts, and on your network, and of keeping passwords and personal identification numbers (PINs) secret.
  • Educate users not to click links or call phone numbers from emails received from financial institutions, but to instead call the numbers that they have on file. Remind them that financial institutions typically print customer service phone numbers on the backs of credit cards and bank statements, and it is those numbers that users should call.
  • Inform users that malware can be transmitted through instant messages on both computers and mobile devices.
  • Users should only open email attachments that they are expecting to receive. When in doubt, users should contact the person who sent the file and confirm that the attachment was intentional and non-malicious.
  • Users should install and use an email client that actively blocks active content and the automatic opening of attachments.

For more information and resources, check out the Microsoft Security Intelligence Report.


Figure: Detections of Win32/Zbot by security product category in 2010 by percentage of the monthly average for enterprise and consumer products and number of detections for Hotmail and the MSRT.