- Apr 25, 2013
The Zemot dropper is a strain of the Upatre malware downloader that security researchers have observed being distributed through multiple channels, including both compromised websites and the Asprox/Kuluoz spam botnet.
Microsoft first noticed activity from TrojanDownloader:Win32/Upatre.B in late 2013 and determined that cybercriminals were using it chiefly to distribute two Zbot (Zeus) password-stealing variants, detected as PWS:Win32/Zbot.gen!AP and PWS:Win32/Zbot.CF.
In May 2014, the company renamed Upatre.B to Zemot: the threats are similar in nature, but Upatre.B has enough particularities of its own to be classified as a separate malware family.
Among the notable features of Zemot is its use of several techniques to ensure that the downloaded module will execute successfully on any Windows version, regardless of the OS version or the privileges of the current user.
In the same vein, each download is written to disk under a unique file name, so the attacker can infect the same machine repeatedly with fresh payloads instead of being blocked by an existing file.
Furthermore, Microsoft says that “modules such as getting the OS version, user privilege, URL parsing and the downloading routine are taken from the Zbot source code.”
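The behaviour described above, a downloader writing several differently named executables into a temp directory within a short window, is something a defender can look for in endpoint file-creation telemetry. The following Python heuristic is an added example, not code from the article or from Microsoft: it takes Sysmon-style FileCreate events already parsed into dictionaries (the field names `time`, `pid`, `image` and `target` and the three sample records are constructed assumptions) and flags any process that drops a configurable number of distinct executables into a staging directory within a few minutes.

```python
"""Heuristic for Upatre/Zemot-style repeat drops (added example, not
the article's or Microsoft's code). Assumes FileCreate events parsed
into dicts with constructed field names: time, pid, image, target."""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

# Directories downloaders commonly stage payloads in (assumption).
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
EXECUTABLE_EXTS = (".exe", ".dll", ".scr")

# Constructed sample telemetry: pid 1234 drops three uniquely named
# executables in just over a minute; pid 555 is a benign installer
# rewriting one file; pid 777 writes outside any staging directory.
SAMPLE_EVENTS = [
    {"time": "2014-09-09T10:00:01", "pid": 1234,
     "image": r"C:\Users\u\AppData\Local\Temp\dhfx.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\kqzwpe.exe"},
    {"time": "2014-09-09T10:00:40", "pid": 1234,
     "image": r"C:\Users\u\AppData\Local\Temp\dhfx.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\vbnm.exe"},
    {"time": "2014-09-09T10:01:15", "pid": 1234,
     "image": r"C:\Users\u\AppData\Local\Temp\dhfx.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\a1bk.exe"},
    {"time": "2014-09-09T10:02:00", "pid": 555,
     "image": r"C:\Users\u\Downloads\setup.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\setup_tmp.exe"},
    {"time": "2014-09-09T10:02:05", "pid": 555,
     "image": r"C:\Users\u\Downloads\setup.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\setup_tmp.exe"},
    {"time": "2014-09-09T10:03:00", "pid": 777,
     "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"C:\Program Files\App\app.exe"},
]


def is_staged_executable(path: str) -> bool:
    """True when `path` is an executable written under a staging directory."""
    low = path.lower()
    return low.endswith(EXECUTABLE_EXTS) and any(d in low for d in STAGING_DIRS)


def find_repeat_droppers(events, min_distinct=3, window=timedelta(minutes=5)):
    """Group staged-executable writes by (pid, image) and return one alert
    per process that wrote at least `min_distinct` differently named
    executables within any `window`-long span."""
    by_proc = defaultdict(list)
    for ev in events:
        if is_staged_executable(ev["target"]):
            by_proc[(ev["pid"], ev["image"])].append(
                (datetime.fromisoformat(ev["time"]),
                 ntpath.basename(ev["target"]).lower()))

    alerts = []
    for (pid, image), writes in by_proc.items():
        writes.sort()  # chronological order
        for i, (t0, _) in enumerate(writes):
            # Distinct names written from t0 up to t0 + window.
            names = {n for t, n in writes[i:] if t - t0 <= window}
            if len(names) >= min_distinct:
                alerts.append({"pid": pid, "image": image, "names": sorted(names)})
                break  # one alert per process is enough
    return alerts


if __name__ == "__main__":
    for alert in find_repeat_droppers(SAMPLE_EVENTS):
        print(f"pid {alert['pid']} ({alert['image']}) dropped: {', '.join(alert['names'])}")
```

Counting distinct names rather than raw write events is what separates the pattern from a normal installer that rewrites the same temporary file; on real telemetry the threshold and the list of staging directories should be tuned to the environment.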
Given the prevalence of the Zemot family of downloaders, the company added detection for it to the Malicious Software Removal Tool this month to help protect its customers.