Fresh Banker Trojan Propagating all over Holland and UK; Symantec

One fresh banker Trojan is getting disseminated inside the United Kingdom as well as The Netherlands, cautions Symantec the security company.

Called "Neloweg," the malware functions quite similar to ZeuS, the earlier more popular malware kit, though there are a few delicate twists.

Explaining this, Fred Gutierrez a security analyst at Symantec states that similar to ZeuS, Trojan Neloweg is capable of identifying the website it's infecting as well as appending tailored JavaScript. However, ZeuS is known to have a configuration file, whereas Neloweg stores the same on one malevolent online server. Theregister.co.uk published this in news on March 1, 2012.

Neloweg, it is said, grabs Internet login credentials, chiefly those related to Internet banking websites in addition to other types of login particulars.

The popular Web-browsers, Neloweg primarily targets are Internet Explorer and Firefox.

Intriguingly, it particularly targets some other browsers too which make use of the WebKit (Safari/Chrome), Gecko (Firefox) and Trident (Internet Explorer) browser engines. A natural reason why Neloweg targets various types of Web-browsers is for making sure the bot contaminates the maximum possible number of targets. Another -is the use of not so popular Web-browsers by end-users to bank online for attaining security via anonymity, whereby the Trojan's controller has a greater chance for attacking a browser, which serves the purpose of Internet banking.

Incidentally with respect to Firefox, Neloweg goes deep inside it and remains there, making itself the browser's inherent component instead of being an ordinary extension. This makes the Trojan more treacherous compared to earlier banking malware samples.

Meanwhile, in an own blog post, Gutierrez writes that previously, threats were observed as designing malevolent extensions. Symantec.com published this in news on March 1, 2012. Further, according to the analyst, to remain safe, users earlier simply required disabling the specific add-on. But, Trojan.Neloweg's case is different. Because it's one component, it doesn't look like an add-on within the Add-ons Manager of Firefox just as in the instances of other plug-ins or extensions. Additionally, Firefox's design is such that whenever the browser would go online, Neloweg will get created and installed yet again, Gutierrez concludes.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 3/8/2012