ThreatExpert's Statistics for Mal/Zbot-O [Sophos]:

Mal/Zbot-O [Sophos] is also known as:

Threat Alias	Number of Incidents
Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab]	713
Packed.Generic.232 [Symantec]	424
PWS:Win32/Zbot.gen!R [Microsoft]	336
PWS:Win32/Zbot.PG [Microsoft]	283
Spy-Agent.bw.gen.e [McAfee]	165
Trojan-Spy.Win32.Zbot [Ikarus]	149
HeurEngine.MaliciousPacker [PC Tools]	137
Infostealer.Banker.C [Symantec]	125
Spy-Agent.bw.gen.d [McAfee]	66
Spy-Agent.eh [McAfee]	58
Trojan.Zbot [PC Tools]	45
Trojan.Zbot!gen3 [Symantec]	43
BackDoor-DKI.gen.bf [McAfee]	40
Trojan-PSW.Banker [PC Tools]	40
Win32/IRCBot.worm.variant [AhnLab]	31
PWS:Win32/Zbot.PJ [Microsoft]	25
Generic PWS.cf [McAfee]	17
PWS:Win32/Zbot.gen!W [Microsoft]	16
PWS:Win32/Zbot.PI [Microsoft]	16
PWS-Zbot.gen.p [McAfee]	7
Trojan-Spy.Win32.Zbot.wtb [Kaspersky Lab]	6
Generic PWS.y!dp [McAfee]	5
Trojan-Spy.Win32.Zbot.zvy [Kaspersky Lab]	5
PWS:Win32/Zbot.ZJ [Microsoft]	4
Trojan Horse [Symantec]	4
Trojan:Win32/Malat [Microsoft]	4
Trojan-Spy.Win32.Zbot.aadz [Kaspersky Lab]	4
Trojan-Spy.Win32.Zbot.xep [Kaspersky Lab]	4
Generic PWS.y!rt [McAfee]	3
Infostealer [Symantec]	3
PWS.Win32 [Ikarus]	3
PWS-Zbot [McAfee]	3
Trojan-Dropper.Win32.Zbot [Ikarus]	3
Trojan-Spy.Win32.Zbot.xud [Kaspersky Lab]	3
Win-Trojan/Zbot.62976.X [AhnLab]	3
Win-Trojan/Zbot.92160 [AhnLab]	3
Dropper/MulDrop.78848 [AhnLab]	2
Generic PWS.y!fr [McAfee]	2
Generic PWS.y!gx [McAfee]	2
Generic PWS.y!p [McAfee]	2
PWS:Win32/Zbot.PM [Microsoft]	2
PWS-Banker.dr.i [McAfee]	2
Trojan.Generic [PC Tools]	2
Trojan.Win32.Agent.cbxa [Kaspersky Lab]	2
Trojan.Win32.Zbot [Ikarus]	2
Trojan-Banker.Win32.Bancos [Ikarus]	2
Trojan-Dropper.Win32.Zbot.h [Kaspersky Lab]	2
Trojan-Dropper.Win32.Zbot.i [Kaspersky Lab]	2
Trojan-Spy.Banker!sd6 [PC Tools]	2
Trojan-Spy.Win32.Zbot.sxq [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.wrp [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.xdk [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.xdl [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.xet [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.xez [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.xgh [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.yyj [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.zic [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.zot [Kaspersky Lab]	2
Win-Trojan/Zbot.62976.S [AhnLab]	2
Win-Trojan/Zbot.62976.U [AhnLab]	2
Win-Trojan/Zbot.63488.Z [AhnLab]	2
Win-Trojan/Zbot.64000.C [AhnLab]	2
Win-Trojan/Zbot.66048.I [AhnLab]	2
Win-Trojan/Zbot.66048.J [AhnLab]	2
Win-Trojan/Zbot.67072.E [AhnLab]	2
Win-Trojan/Zbot.67584.H [AhnLab]	2
Win-Trojan/Zbot.67584.O [AhnLab]	2
Win-Trojan/Zbot.76800.B [AhnLab]	2
Win-Trojan/Zbot.77824 [AhnLab]	2
Win-Trojan/Zbot.78336.C [AhnLab]	2
Win-Trojan/Zbot.82432.D [AhnLab]	2
Win-Trojan/Zbot.82944.E [AhnLab]	2
Win-Trojan/Zbot.82944.F [AhnLab]	2
Generic PWS.y [McAfee]	1
Generic PWS.y!bt [McAfee]	1
Generic PWS.y!cy [McAfee]	1
Generic PWS.y!dh [McAfee]	1
Generic PWS.y!fp [McAfee]	1
Generic PWS.y!g [McAfee]	1
Generic PWS.y!h [McAfee]	1
Generic PWS.y!m [McAfee]	1
Generic PWS.y!on [McAfee]	1
Generic PWS.y!r [McAfee]	1
Generic PWS.y!wn [McAfee]	1
Trojan.Agent!sd6 [PC Tools]	1
Trojan.Win32.Agent [Ikarus]	1
Trojan.Zbot [Symantec]	1
Trojan-PSW.Generic [PC Tools]	1
Trojan-Spy.Win32.Zbot.aaof [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.puo [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.ttw [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.vbj [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.wcb [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.wvm [Kaspersky Lab]	1
Trojan-Spy.Zbot!sd6 [PC Tools]	1
Trojan-Spy.Zbot.YETH [PC Tools]	1
Win-Trojan/ZBot.62464.C [AhnLab]	1
Win-Trojan/Zbot.63488.AN [AhnLab]	1
Win-Trojan/Zbot.63488.Q [AhnLab]	1

Mal/Zbot-O [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	5
	Ukraine	1

Mal/Zbot-O [Sophos] is known to be created as:

%System%\1.exe

%System%\intel32.exe

%System%\sdra64.exe

%Temp%\0.exe

%Temp%\090614-2-0.exe

%Temp%\1111.exe

%Temp%\2.exe

%Temp%\283899.exe

%Temp%\assist.exe

%Temp%\bot.exe

%Temp%\crypted.exe

%Temp%\fah_.exe

%Temp%\filetransfer.exe

%Temp%\fol.exe

%Temp%\game.exe

%Temp%\k3ychbaslw.exe

%Temp%\msx6whfeyz.exe

%Temp%\qlm6svdchu.exe

%Temp%\services.exe

%Temp%\svchost.exe

%Temp%\tmp.exe

%Temp%\tmp2.exe

%Temp%\uvrvggawt3.exe

%Templates%\winupdcenter.exe

%Windir%\crypted.exe

Notes:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Templates% is a variable that refers to the file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\[UserName]\Templates.
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.