Couple arrested in connection with Zbot Trojan horse

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

New Scotland Yard
A man and a woman have been arrested in Manchester by officers of the Greater Manchester Police and Metropolitan Police Central e-Crime Unit (PCeU) in connection with the Zbot family of Trojan horses.

Zbot is one of the most notorious pieces of malware of recent times. It’s a data-stealing Trojan horse, designed to grab information from internet users which would help hackers break into online bank accounts and social networking sites such as Facebook and MySpace.

Of course, once a hacker has your bank account information they can login and potentially transfer money to other accounts. If they break into your Facebook page they could use that to spread spam and phishing messages to the compromised account’s online buddies.

Typically versions of the Zbot Trojan horse have been spammed out to unsuspecting internet users, using a variety of social engineering tricks to try to trick the unwary into opening an attachment or clicking on a link to a website hosting malware.

Sign up to our free newsletter.
Security news, advice, and tips.

A Zbot attack posing as an email from the IRS

One of the most recent Zbot-related attacks involved an email claiming to come from Vodafone or Verizon Wireless, saying that the recipient’s credit balance was over the limit. Running the attached “Balance Checker Tool” infected the user’s computer with a version of the Trojan horse.

Bogus email claiming to come from Verizon Wireless

But there’s something else that Zbot does, and the clue is in the “bot” part of its name. Zbot hijacks your computer, making it part of a criminal botnet. Hackers control thousands of compromised computers around the world – using them as a zombie army to spew out spam, spread more malware and launch denial-of-service attacks.

It’s worth bearing in mind, of course, that although the arrests have been in the UK, the Zbot family of malware is a problem that has been hitting computer users around the world – it is truly a global threat.

Zbot (also known as Zeus) is a significant malware family – the many different variants of the Trojan in existence have been distributed in a variety of different disguises. If the police have made a positive step in unravelling one of the gangs behind Zbot infections then that’s good news for everyone interested in making the internet a safer place – but there are plenty of other bad guys out there spreading strains of the malware.

The names of the two people arrested under the Computer Misuse Act 1990 and the 2006 Fraud Act have not been released, but it is known both are aged 20 years old. They have now been released on bail pending further enquiries.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.