TDR

Zeus variant blocks user activity with full-screen pop-ups

March 20, 2014

Researchers have detected a new Zeus variant, also known as Zbot, that carries out some annoying feats to generate money for attackers.

According to Mark Joseph Manahan, a threat response engineer at Trend Micro who blogged about the threat on Wednesday, the Zbot variant called “TROJ_ZCLICK.A,” causes users to contend with open windows (which are actually legitimate sites) displayed on their desktops.

Every time users perform an activity, like opening a window or file, their desktops are blocked by the pop-ups, Manahan wrote.

He explained that the exploits are likely carried out as part of a pay-per-click scheme, where saboteurs earn money for driving up website traffic. The legitimate content blocking users, ranges from search engines to ticketing, gaming and music sites, Manahan revealed.

prestitial ad