"Dear Subscriber,

(My ISP) has identified that one or more of the computers behind your cable modem are likely infected with the Zeus Trojan/bot, also known as Zbot.

While this malicious software is not new, it still poses a great risk to your computer and files that reside on your hard drive.



Zeus malware uses keylogging in order to access user names and passwords and infected over 13 million computers worldwide."




This is not the whole email; the other part goes into how to scan my PC for it.

My question is why can't I find it on any of my computers? The Zeus Trojan/bot, also known as Zbot I mean. If I am infected.

Should I trust this email?

I asked my ISP if it was an email from them and they said yes.

Can this Zeus Trojan/bot, also known as Zbot infect an iPhone or iPad?

Any help greatly appreciated. Thanks.


It depends.  The ZBot trojan has gone into the background while other malware is much more prevalent in the Foreground.  Some frauds use that "name" in some scam ploys.  The ZBot trojan is a MS Windows trojan and does not cross the OS barrier.

The only way to tell is to examine the Full Header and Body of the email in raw format.

Let's assume your ISP is Comcast.  There is a part of the Email Header that shows the path the email has taken from the sender to the receiver.  That would ( in this example ) show the sender and the path all being on the Comcast network.  If the Headers show something else, then it is fraudulent.

 

If you can obtain the Full Header and Body of that email, you can attach that in a TXT file.  And I mean attach it.

Please... do not Copy and Paste the information into a reply.  This will protect your privacy.

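The header-path check described in the reply above, as an added example that is not part of the original thread: it walks the `Received:` lines of a raw message and reports any hop that is not on the ISP's network. The domain `isp.example`, the host names and both sample messages are constructed placeholders, and the regular expression assumes the common `from HELO (rdns [ip]) by host` layout.

```python
import re
from email import message_from_string

ISP_DOMAIN = "isp.example"  # hypothetical; substitute your provider's mail domain

# Constructed sample message (not a real notification).
GENUINE = """\
Received: from mx2.isp.example (mx2.isp.example [192.0.2.20])
\tby imap1.isp.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from notify.isp.example (notify.isp.example [192.0.2.10])
\tby mx2.isp.example with ESMTP id A0; Mon, 1 Jan 2024 10:00:01 +0000
From: Security <abuse@isp.example>
Subject: Ticket 0000 (constructed)

Dear Subscriber, ...
"""

# Same message, but the first hop only *claims* an ISP name in its HELO;
# the receiving server recorded a different reverse-DNS name and address.
FORGED = GENUINE.replace(
    "from notify.isp.example (notify.isp.example [192.0.2.10])",
    "from notify.isp.example (host.elsewhere.example [198.51.100.7])",
)

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\)]+)?\s*\[(?P<ip>[^\]]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def received_path(raw):
    """Return the hops in travel order (oldest first)."""
    msg = message_from_string(raw)
    # Each server prepends its Received line, so the header order is newest first.
    values = reversed(msg.get_all("Received", []))
    return [m.groupdict() for m in map(HOP.search, values) if m]

def off_network_hops(raw, domain=ISP_DOMAIN):
    """Hops whose receiving server or recorded connecting host is outside domain."""
    return [h for h in received_path(raw)
            if not (in_domain(h["by"], domain) and in_domain(h["rdns"], domain))]

if __name__ == "__main__":
    print("genuine:", off_network_hops(GENUINE))
    print("forged: ", off_network_hops(FORGED))
```

The check compares the name in parentheses, which the receiving server recorded, rather than the HELO name, which the sender chooses. `Received:` lines below the first server you trust can be written by the sender, so a clean result is weaker evidence than a flagged hop.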

Well my ISP said it was a legitimate email.

My problem is knowing if Zeus Trojan/bot, also known as Zbot can go into computer hardware somehow? Routers? Or is that not possible ?

I ran Malwarebytes Pro and it didn't find Zeus Trojan/bot, also known as Zbot.

Does that mean I am safe ?

 


The ZBot ONLY affects MS Windows.

I do not know what you mean by " Well my ISP said it was a legitimate email. "

Did the email give you a Ticket or Case Number and when you called the ISP you gave them that Ticket or Case Number and your ISP authenticated it ?

Edited by David H. Lipman

1 minute ago, David H. Lipman said:

The ZBot ONLY affects MS Windows.

I do not know what you mean by " Well my ISP said it was a legitimate email. "

Did the email give you a Ticket or Case Number and when you called the ISP you gave them that Ticket or Case Number and your ISP authenticated it ?

Yes. The email has a Ticket or Case Number in the subject that I didn't copy over.

Do ISPs really know security though, and is it possible it could be a false positive?

If not, how can I tell which computer on my network has this Zeus Trojan/bot, also known as Zbot?

 


Your ISP can not be 100% certain since they can not access any Windows PC on the LAN side of your Router.  The ISP can detect TCP/IP activity that may appear to be that of a particular malware.  Since they do not have direct first-hand knowledge the possibility of a False Detection is possible.  The ISP can not tell you what is generating that activity so it can be any Windows PC that is behind the Router.  For example, if you have a badly configured WiFi ( wardriving event ) or if you have provided the WiFi SSID and Password/Passphrase to others then someone else's computer may be generating the packets the ISP flagged as being indicative of a ZBot infection.  The ISP only sees signature based activity and will then contact the subscriber based on suspicions.

Since neither you nor the ISP can tell what computer is generating the suspicious packets, you have to look at ALL MS Windows based computers that access your Local Area Network ( LAN ) that connects to the ISP's network.


1 minute ago, David H. Lipman said:

Your ISP can not be 100% certain since they can not access any Windows PC on the LAN side of your Router.  The ISP can detect TCP/IP activity that may appear to be that of a particular malware.  Since they do not have direct first-hand knowledge the possibility of a False Detection is possible.  The ISP can not tell you what is generating that activity so it can be any Windows PC that is behind the Router.  For example, if you have a badly configured WiFi ( wardriving event ) or if you have provided the WiFi SSID and Password/Passphrase to others then someone else's computer may be generating the packets the ISP flagged as being indicative of a ZBot infection.  The ISP only sees signature based activity and will then contact the subscriber based on suspicions.

Since neither you nor the ISP can tell what computer is generating the suspicious packets, you have to look at ALL MS Windows based computers that access your Local Area Network ( LAN ) that connects to the ISP's network.

Ok thank you.
