Yesterday, Microsoft released “Battling the Zbot Threat,” a
special-edition Security Intelligence Report documenting the background, functionality,
prevalence and geographical distribution of the Zbot botnet.
Botnets are networks of comprised computers and pose one of
the most significant threats to the online security ecosystem. The Zbot is
primarily used to steal financial information, including banking login
credentials from infected computers. Victims of the Zbot are typically
manipulated into performing actions or revealing confidential information
through social engineering attacks.
Although we have had a measurable effect on the Zbot
ecosystem since broadening attack efforts to include the Malicious Software
Removal Tool (MSRT) in October 2010, Botnets continue to be a growing
problem affecting millions
of customers. Microsoft remains committed
to fighting these threats while providing our customers with the necessary
guidance, tools and programs to stay protected every day.
The greatest asset to combating these efforts can be financial
institution customers. Educate and encourage your customers to do the
following, in order to mitigate the risk of these threats.
Drive security awareness, and stay informed.
Teach users to be aware of the threat landscape around them.
Teach users about the importance of using strong
passwords for all of their online accounts, and on your network, and of keeping
passwords and personal identification numbers (PINs) secret.
Educate users not to click links or call phone
numbers from emails received from financial institutions, but to instead call
the numbers that they have on file. Remind them that financial institutions
typically print customer service phone numbers on the backs of credit cards and
bank statements, and it is those numbers that users should call.
Inform users that malware can be transmitted
through instant messages on both computers and mobile devices.
Users should only open email attachments that
they are expecting to receive. When in doubt, users should contact the person
who sent the file and confirm that the attachment was intentional and
Users should install and use an email client
that actively blocks active content and the automatic opening of attachments.
For more information and resources, check out the Microsoft Security
Detections of Win32/Zbot by security product category in 2010 by percentage of
the monthly average for enterprise and consumer products and number of
detections for Hotmail and the MSRT.