In the last month, Sunbelt Labs finds a surge in threat detections for the high risk threat Trojan-Spy.Win32.Zbot.gen, a family of password-stealing Trojan programs. The Trojan injects code from remote sites that harvest confidential data off a user's system including cached passwords, login credentials for web sites such as online banking sites, as well as data in certificates and cookies.
Reportedly, the threat can be distributed through spam email, in some instances as a file purporting to be an airline e-ticket and in other instances; it is included in spam emails from an alleged "United Parcel Service of America" as an infected attachment with the file name UPS_NNR01.zip and in another email claiming to be an e-payment notification of an order with Amazon.com. More details on Trojan-Spy.Win32.Zbot.gen and example spam emails that propagate the threat are available at http://www.sunbeltsecurity.com. The top ten results represent the number of times a particular malware infection was detected during CounterSpy and VIPRE scans that report back to Sunbelt's community of opt-in users.
The top ten most prevalent spyware threats for the month of June are: