ThreatExpert's Statistics for Trojan-Spy.Win32.Zbot [Ikarus]:

Trojan-Spy.Win32.Zbot [Ikarus] is also known as:

Threat Alias	Number of Incidents
Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab]	559
PWS:Win32/Zbot.gen!R [Microsoft]	401
Infostealer.Banker.C [Symantec]	365
Trojan.Zbot [PC Tools]	250
Trojan.Zbot!gen3 [Symantec]	218
Mal/EncPk-LE [Sophos]	197
Mal/Zbot-O [Sophos]	149
Win32/IRCBot.worm.variant [AhnLab]	149
Packed.Generic.232 [Symantec]	145
Mal/Generic-A [Sophos]	138
Generic PWS.y!bni [McAfee]	110
Win-Trojan/Zbot.139776.B [AhnLab]	110
Generic PWS.y [McAfee]	97
Spy-Agent.bw.gen.e [McAfee]	89
TSPY_ZBOT.SMJB [Trend Micro]	76
PWS:Win32/Zbot.PG [Microsoft]	69
Mal/EncPk-CZ [Sophos]	62
HeurEngine.MaliciousPacker [PC Tools]	57
PWS:Win32/Zbot.J [Microsoft]	53
Trojan Horse [Symantec]	52
Trojan-PSW.Banker [PC Tools]	52
PWS-Zbot.gen.c [McAfee]	48
Trojan-Spy.Zbot!sd6 [PC Tools]	48
PWS:Win32/Zbot.gen!W [Microsoft]	45
TrojanSpy:Win32/Zbot.gen!C [Microsoft]	39
Infostealer [Symantec]	34
Troj/ZbotPP-Fam [Sophos]	33
PWS:Win32/Zbot.G [Microsoft]	31
Trojan-Spy.Banker!sd6 [PC Tools]	31
Mal/Behav-353, Mal/EncPk-LE [Sophos]	29
Mal/Dropper-T [Sophos]	28
PWS:Win32/Zbot [Microsoft]	27
Trojan.Zbot!gen2 [Symantec]	27
VirTool:Win32/DelfInject.gen!AC [Microsoft]	27
PWS-Zbot [McAfee]	26
PWS:Win32/Zbot.M [Microsoft]	23
Trojan.Generic [PC Tools]	22
Mal/Zbot-O, Mal/EncPk-CZ [Sophos]	21
Mal/Zbot-I [Sophos]	20
Spy-Agent.bw.gen.d [McAfee]	19
Troj/Zbot-DX [Sophos]	19
Trojan:Win32/Zbot.BX [Microsoft]	18
Trojan.Zbot [Symantec]	17
Spy-Agent.eh [McAfee]	16
W32/Sdbot.worm.gen.ax [McAfee]	16
Packed.Generic.196 [Symantec]	15
PWS:Win32/Zbot.gen!B [Microsoft]	13
PWS:Win32/Zbot.I [Microsoft]	13
Generic PWS.y!brd [McAfee]	12
Mal/EncPk-HJ [Sophos]	12
Spy-Agent.bw [McAfee]	11
Trojan-Spy.Zbot.YETH [PC Tools]	11
Mal/EncPk-GS [Sophos]	10
Mal/Generic-A, Mal/Zbot-O [Sophos]	10
PWS-Zbot.gen.x [McAfee]	10
Mal/EncPk-HJ, Mal/EncPk-HJ [Sophos]	9
Suspicious.MH690 [Symantec]	9
Troj/Zbot-EH [Sophos]	9
Troj/ZbotPP-Fam, Mal/EncPk-CZ [Sophos]	9
Trojan-Spy.Win32.Zbot.onq [Kaspersky Lab]	9
Trojan-Spy.Win32.Zbot.qkr [Kaspersky Lab]	9
Backdoor.Paproxy [Symantec]	8
Downloader-BON [McAfee]	8
Mal/EncPk-HF, Mal/EncPk-CZ [Sophos]	8
Mal/Generic-A, Mal/EncPk-LE [Sophos]	8
Packed.Generic.233 [Symantec]	8
Spy-Agent.bw.gen.i [McAfee]	8
Trojan:Win32/Malat [Microsoft]	8
Trojan-PSW.Generic [PC Tools]	8
Win32/Zbot.worm.139776 [AhnLab]	8
Downloader [Symantec]	7
Generic Dropper.bw [McAfee]	7
Mal/Zbot-H [Sophos]	7
PWS:Win32/Zbot.PK [Microsoft]	7
PWS:Win32/Zbot.R [Microsoft]	7
PWS-Zbot.gen.i [McAfee]	7
Trojan-Spy.Win32.Zbot.soo [Kaspersky Lab]	7
Win-Trojan/Zbot.66048 [AhnLab]	7
Generic PWS.y!byc [McAfee]	6
Generic PWS.y!r [McAfee]	6
Infostealer.Bancos [Symantec]	6
Mal/EncPk-HZ [Sophos]	6
Mal/EncPk-KD [Sophos]	6
Mal/Zbot-P [Sophos]	6
PWS:Win32/Zbot.RS [Microsoft]	6
PWS-Zbot.gen.al [McAfee]	6
Troj/Zbot-BS [Sophos]	6
Trojan-Spy.Win32.Zbot.ixc [Kaspersky Lab]	6
Trojan-Spy.Win32.Zbot.len [Kaspersky Lab]	6
TSPY_ZBOT.SM [Trend Micro]	6
W32.Auraax [Symantec]	6
Worm:Win32/Emold.gen!D [Microsoft]	6
Cryp_Pai-5 [Trend Micro]	5
FakeAlert-DA [McAfee]	5
Generic PWS.y!dp [McAfee]	5
Generic PWS.y!rt [McAfee]	5
Generic.dx [McAfee]	5
Mal/EncPk-GS, Mal/EncPk-FW [Sophos]	5
Mal/EncPk-HP [Sophos]	5
Mal/EncPk-LE, Mal/Behav-353 [Sophos]	5

Trojan-Spy.Win32.Zbot [Ikarus] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	39
	China	2
	Poland	2
	Finland	1
	Slovakia	1
	United Kingdom	1

Trojan-Spy.Win32.Zbot [Ikarus] is known to be created as:

%AppData%\av.exe

%ProgramFiles%\microsoft common\svchost.exe

%ProgramFiles%\microsoft common\wuacult.exe

%ProgramFiles%\microsoft common\wuauclt.exe

%Programs%\startup\ihaupd32.exe

%System%\1.exe

%System%\bifrost\server.exe

%System%\ntos.exe

%System%\sdra64.exe

%System%\spools.exe

%Temp%\090322-5-4.exe

%Temp%\090322-b-17.exe

%Temp%\090322-c-1.exe

%Temp%\090322-c-12.exe

%Temp%\6_ldr.exe

%Temp%\6_ldr3.exe

%Temp%\6_ldry3.exe

%Temp%\adv.exe

%Temp%\assist.exe

%Temp%\bulletin\bulletin.exe

%Temp%\csrss.exe

%Temp%\directwin.exe

%Temp%\file.exe

%Temp%\htdhg.exe

%Temp%\k3ychbaslw.exe

%Temp%\kafan virlist 2009.03.08\090308-2-1.exe

%Temp%\kafan virlist 2009.03.08\090308-4-3.exe

%Temp%\kafan virlist 2009.03.08\090308-9-2.exe

%Temp%\ldr.exe

%Temp%\rarsfx0\1.exe

%Temp%\sdra64.exe

%Temp%\services.exe

%Temp%\tmp.exe

%Temp%\tmp1.exe

%Temp%\tmp2.exe

%Temp%\uvrvggawt3.exe

%Windir%\crypted.exe

%Windir%\inibdmrf.dll

%Windir%\temp\rdl1.tmp.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.