Kaspersky Cautions about Fresh Banker Trojan Neverquest
Kaspersky the security company cautions that one fresh Trojan program, which has been named Trojan-Banker.Win32/64.Neverquest and which's used for attacking Internauts transacting with financial institutions, is likely to become widespread pretty fast during the coming few months.
Incidentally, Neverquest became first known on 18th July, 2013 when it was detected infecting computers and by the middle of November 2013, security researchers spotted its numerous attempts at contaminating PCs worldwide.
The researchers further opine that the threat rather new isn't getting fully utilized, although given that it bears the capacity for integrating its own multiplication techniques, it may disseminate fast.
Meanwhile, distribution of Neverquest requires Trojan installers, which download certain library file, while ensure it gets run automatically via the creation of a registry.
And when run, Neverquest verifies for an already existing infection on the system. Incase there isn't any, the threat phones and establishes a communication with its C&C system for getting the expected configuration file. This file has names of 28 websites of payment services and banks operating from different nations, particularly, Turkey, India, Italy and Germany.
Sergey Golovanov, Security Researcher explains that when an end-user using a contaminated computer accesses any of the 28 websites, Neverquest controls everything that goes between his browser as well as the server. The threat's perpetrators then acquire that end-user's usernames and passwords which he may enter, as also change the site's content. Consequently, whatever data the end-user feeds into the changed site gets transmitted back to the miscreants. Threatpost.com published this, November 26, 2013.
Golovanov further explains that after acquiring admission into the user-victim's account, one SOCKS server is used whereby the miscreants link up with contaminated PCs remotely via certain VNC server followed with transferring the user-victim's fund into the miscreants' own A/C else other user-victims' accounts so as for preventing the track going straight to them. Securityweek.com published this, November 26, 2013.
Fascinatingly, Neverquest's objective is to occupy foremost ranks that the Carberp and ZeuS trojans earlier occupied.
Eventually, safeguard from Neverquest and similar malware, in addition to regular anti-virus programs, necessitates deployment of dedicated solution that'll make online financial interactions secure.
» SPAMfighter News - 12/3/2013