Incident Response, Malware, TDR

Zeus variant blocks user activity with full-screen pop-ups

Share

Researchers have detected a new Zeus variant, also known as Zbot, that carries out some annoying feats to generate money for attackers.

According to Mark Joseph Manahan, a threat response engineer at Trend Micro who blogged about the threat on Wednesday, the Zbot variant called “TROJ_ZCLICK.A,” causes users to contend with open windows (which are actually legitimate sites) displayed on their desktops.

Every time users perform an activity, like opening a window or file, their desktops are blocked by the pop-ups, Manahan wrote.

He explained that the exploits are likely carried out as part of a pay-per-click scheme, where saboteurs earn money for driving up website traffic. The legitimate content blocking users, ranges from search engines to ticketing, gaming and music sites, Manahan revealed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.