ThreatExpert's Statistics for Trojan-Spy.Zbot [Ikarus]:

Trojan-Spy.Zbot [Ikarus] is also known as:

Threat Alias	Number of Incidents
Infostealer.Banker.C [Symantec]	30
Mal/Generic-A [Sophos]	14
Mal/Zbot-P [Sophos]	13
Mal/Zbot-Q [Sophos]	11
PWS:Win32/Zbot.gen!R [Microsoft]	9
VirTool:Win32/VBInject.U [Microsoft]	9
Trojan Horse [Symantec]	8
Trojan-Spy.Win32.Zbot.xrt [Kaspersky Lab]	8
Win32/IRCBot.worm.variant [AhnLab]	6
Generic Dropper!hv.f [McAfee]	5
PWS:Win32/Zbot.J [Microsoft]	5
Spy-Agent.bw.gen.e [McAfee]	5
Trojan-Dropper.Win32.VB.iyk [Kaspersky Lab]	5
Trojan-Spy.Win32.Zbot.aack [Kaspersky Lab]	5
Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab]	5
Win-Trojan/Zbot.80896 [AhnLab]	4
Backdoor.Trojan [Symantec]	3
Generic Dropper [McAfee]	3
Mal/Inject-H [Sophos]	3
Packed.Generic.233 [Symantec]	3
Spy-Agent.bw [McAfee]	3
Troj/ZbotPP-Fam [Sophos]	3
Trojan-Spy.Banker!sd6 [PC Tools]	3
Dropper/Xema.75798 [AhnLab]	2
Generic FakeAlert.d!gen [McAfee]	2
Generic PWS.y [McAfee]	2
Generic PWS.y!dk [McAfee]	2
Generic.dx [McAfee]	2
Mal/EncPk-CZ [Sophos]	2
Mal/EncPk-HJ [Sophos]	2
Mal/EncPk-IF [Sophos]	2
PWS:Win32/Zbot [Microsoft]	2
PWS:Win32/Zbot.G [Microsoft]	2
PWS:Win32/Zbot.PG [Microsoft]	2
PWS:Win32/Zbot.XD [Microsoft]	2
Trojan:Win32/Malagent [Microsoft]	2
Trojan:Win32/Zbot.BX [Microsoft]	2
Trojan-Spy.Win32.Zbot.aabj [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aabm [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.ivg [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.liv [Kaspersky Lab]	2
Trojan-Spy.Zbot!sd6 [PC Tools]	2
TSPY_ZBOT.CAR [Trend Micro]	2
Win-Trojan/ZBot.97792 [AhnLab]	2
Backdoor.Win32.Bifrose.asrq [Kaspersky Lab]	1
BackDoor-CEP.svr [McAfee]	1
Dropper/Agent.15872.BS [AhnLab]	1
Generic Dropper!su [McAfee]	1
Generic FakeAlert.d.gen [McAfee]	1
Generic.dx!so [McAfee]	1
Generic.dx!tq [McAfee]	1
Infostealer [Symantec]	1
Infostealer.Bancos [Symantec]	1
Mal/EncPk-IC [Sophos]	1
Mal/Generic-E, Mal/Inject-H [Sophos]	1
Mal/Zbot-H, Mal/EncPk-CZ [Sophos]	1
Packed.Generic.232 [Symantec]	1
Packed.Generic.253 [Symantec]	1
PWS:Win32/Zbot.gen!W [Microsoft]	1
Troj/Agent-JUR [Sophos]	1
Troj/Agent-KSU [Sophos]	1
Troj/FakeAV-ASB [Sophos]	1
Troj/Zbot-GH [Sophos]	1
Troj/Zbot-GJ [Sophos]	1
Trojan.Win32.Agent.cdkn [Kaspersky Lab]	1
Trojan.Win32.Agent2.jgm [Kaspersky Lab]	1
Trojan.Win32.Agent2.kxa [Kaspersky Lab]	1
Trojan:Win32/Meredrop [Microsoft]	1
Trojan-Dropper.VB!sd6 [PC Tools]	1
Trojan-Dropper.Win32.Agent.azfw [Kaspersky Lab]	1
Trojan-Ransom.Win32.SMSer.hd [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.aaro [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.abaa [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.adyi [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.kek [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.kxw [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.lgd [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.nsg [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.nvt [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.qds [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.vth [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.xud [Kaspersky Lab]	1
Trojan-Spy.Win32.Zbot.xuf [Kaspersky Lab]	1
TrojanSpy:Win32/Zbot.gen!C [Microsoft]	1
W32.SillyFDC [Symantec]	1
Win-Trojan/Agent.59392.BQ [AhnLab]	1
Win-Trojan/Obfuscator.88576 [AhnLab]	1
Win-Trojan/Zbot.112128.B [AhnLab]	1
Win-Trojan/Zbot.29696 [AhnLab]	1
Win-Trojan/Zbot.65536.D [AhnLab]	1
Win-Trojan/Zbot.88064.B [AhnLab]	1
Win-Trojan/Zbot.92160 [AhnLab]	1
Win-Trojan/ZBot.92672.B [AhnLab]	1
Win-Trojan/Zbot.95744.I [AhnLab]	1
Worm.Win32.AutoRun.aqzx [Kaspersky Lab]	1

Trojan-Spy.Zbot [Ikarus] has the following possible countries of origin:

Origin		Number of Incidents
	Spain	7
	Russian Federation	1

Trojan-Spy.Zbot [Ikarus] is known to be created as:

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\linkedtricks\linkedtricks.exe

%ProgramFiles%\microsoft common\svchost.exe

%ProgramFiles%\test.exe

%System%\ntos.exe

%System%\sdra64.exe

%System%\server.exe

%System%\user32.exe

%Temp%\090430-2-5.exe

%Windir%\winudpmgr.exe

c:\recycle\d-0-060-0000000000-1111111-2222222\venet.exe

c:\setup\setup.exe

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.