How Is The Zbot Trojan Spread Via Fake IRS Emails?

Every couple of years in the world of online crime there are certain viruses and trojans that become a popular way of spreading malware.

Hackers will see that a certain method is working for a rival group and they will reverse engineer that method.

After they reverse engineer the method, they start using it for themselves.

Sometimes they do not even have to reverse engineer the problem.

The code may be available for a person to get, either through payment or for free.


The Zbot / Zeus Trojan

One popular piece of code that is making the rounds in the criminal circuit is the Zbot or Zeus trojan.

The Zbot Trojan is becoming a huge threat especially during the holiday seasons.

The creators of the Trojan first send you an email that seems to come from the IRS.

It then requests that you go to a web site so that you can fill out a “tax refund request form”.

Once you are at the site, your browser will seem to be showing a blank HTML page.

This page, while looking innocent, is actually doing something very damaging.

It is loading the Zbot Trojan onto your computer.

Once the Trojan is allowed to load onto your computer, it then installs a malicious program that will either use your computer as part of a bot network or attempt to steal your personal information.

So far this technique has been used with only fake emails from the IRS.

IRS Fears

This is pretty effective because it plays on a lot of fears that people have when it comes to the IRS.

They do not want to miss any information that might come from them since they fear that they might get in trouble.

The attackers also provide an extra carrot on the stick by telling you that it involves a refund that you are due to receive.

This would make even the most cautious person at least think about clicking the link.

This is just a reminder that you must be careful, even if the email seems to be coming from a government organization.

All emails can be faked.

The IRS is aware of this form of attack and has a warning about it on its web site.

This is another example of why, when it comes to very sensitive data, you should go directly to the web site.

Do not click links in the email that will take you there.
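The same advice can be turned into a simple mail check. The following is an added example, not code from the original article: it takes an email that claims to be from the IRS and lists every link that does not really point at irs.gov. The function names, the rule that only irs.gov and its subdomains count as genuine, and the sample message are assumptions made for this illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "irs.gov"  # assumption: the only domain treated as genuine here

# Constructed sample message; the .example host is a reserved placeholder.
SAMPLE = '''\
From: "IRS Refunds" <refunds@irs.gov>
Subject: Tax refund request form
Content-Type: text/html; charset="utf-8"

<p>You are due a refund. <a href="http://irs.gov.refund-form.example/form">Fill
out the form</a> or visit <a href="https://www.irs.gov/refunds">our site</a>.</p>
'''

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def is_trusted(host):
    # Exact match or a true subdomain; "irs.gov.something.example" fails.
    host = host.lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def suspicious_links(raw):
    """Return hosts linked from an IRS-themed email that are not irs.gov."""
    msg = message_from_string(raw)
    headers = msg.get("From", "") + " " + msg.get("Subject", "")
    # The From header is forgeable, so it only decides whether the message
    # claims to be from the IRS, never whether it is trusted.
    if not re.search(r"\birs\b|internal revenue", headers, re.I):
        return []
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            collector.feed(body)
    hosts = [urlsplit(link).hostname for link in collector.links]
    return [h for h in hosts if h and not is_trusted(h)]
```

Calling `suspicious_links(SAMPLE)` reports the look-alike host even though the sender address appears to be at irs.gov, which is why the check looks at where the links lead and not at who the email says it is from.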

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

