Researchers have detected a new Zeus variant, also known as Zbot, that carries out some annoying feats to generate money for attackers.
According to Mark Joseph Manahan, a threat response engineer at Trend Micro who blogged about the threat on Wednesday, the Zbot variant called “TROJ_ZCLICK.A,” causes users to contend with open windows (which are actually legitimate sites) displayed on their desktops.
Every time users perform an activity, like opening a window or file, their desktops are blocked by the pop-ups, Manahan wrote.
He explained that the exploits are likely carried out as part of a pay-per-click scheme, where saboteurs earn money for driving up website traffic. The legitimate content blocking users, ranges from search engines to ticketing, gaming and music sites, Manahan revealed.