Zbot (also known as Zeus) is information stealing Trojan (infostealer) collecting confidential data from each infected computer. The main vector for spreading Zbot is a spam campaign where recipients are tricked into opening infected attachments on their computer.

This new variant uses a malicious PDF file which contains the threat as an embedded file. When recipients open the PDF, it asks to save a PDF file called Royal_Mail_Delivery_Notice.pdf. The user assumes that the file is just a PDF, and therefore safe to store on the local computer.

The file, however, is really a Windows executable. The malicious PDF launches the dropped file, taking control of the computer.At the time of writing, this file has a 20 perecnt anti-virus detection rate (SHA1 : f1ff07104b7c6a08e06bededd57789e776098b1f).

For more details: TechTree