Protecting Your Financial Information in the Fight Against Zbots

  • Article

Yesterday, Microsoft released "Battling the Zbot Threat," a
special-edition Security Intelligence Report documenting the background, functionality,
prevalence and geographical distribution of the Zbot botnet.

Botnets are networks of comprised computers and pose one of
the most significant threats to the online security ecosystem. The Zbot is
primarily used to steal financial information, including banking login
credentials from infected computers. Victims of the Zbot are typically
manipulated into performing actions or revealing confidential information
through social engineering attacks.

Although we have had a measurable effect on the Zbot
ecosystem since broadening attack efforts to include the Malicious Software
Removal Tool (MSRT) in October 2010, Botnets continue to be a growing
problem affecting millions
of customers.  Microsoft remains committed
to fighting these threats while providing our customers with the necessary
guidance, tools and programs to stay protected every day.

The greatest asset to combating these efforts can be financial
institution customers.  Educate and encourage your customers to do the
following, in order to mitigate the risk of these threats.

- Drive security awareness, and stay informed. Teach users to be aware of the threat landscape around them.

Teach users about the importance of using strong  
passwords for all of their online accounts, and on your network, and of keeping  
passwords and personal identification numbers (PINs) secret.
  • Educate users not to click links or call phone
    numbers from emails received from financial institutions, but to instead call
    the numbers that they have on file. Remind them that financial institutions
    typically print customer service phone numbers on the backs of credit cards and
    bank statements, and it is those numbers that users should call.
  • Inform users that malware can be transmitted
    through instant messages on both computers and mobile devices.
  • Users should only open email attachments that
    they are expecting to receive. When in doubt, users should contact the person
    who sent the file and confirm that the attachment was intentional and
    non-malicious.
  • Users should install and use an email client
    that actively blocks active content and the automatic opening of attachments.

For more information and resources, check out the Microsoft Security
Intelligence Report.

 

Figure:
Detections of Win32/Zbot by security product category in 2010 by percentage of
the monthly average for enterprise and consumer products and number of
detections for Hotmail and the MSRT.