Trojan Viknok the Latest Malware for Click-Fraud Scams, Reports Symantec

Security researchers from Symantec the security company recently found cyber-criminals carrying out click fraud campaigns with the help of 'Viknok' a Trojan virus.

It's been no later than April 2013 that Trojan.Viknok started spreading as it made zombies out of contaminated PCs to build botnets via the acquisition of elevated rights of end-users who operated machines of particularly 64-bit or 32-bit Windows 7.

During April 2014, there had been an enormous rise in the total number of Viknok contaminations. Several victims said they heard audio clips while their systems were on and contaminated with the malware, as per the researchers.

During May 2014 alone, there was a record 16,500 distinct victims, the majority of them situated at USA.

According to Symantec, Viknok attacks through Dynamic Link Library (DLL) files using its malevolent payload.

After the Trojan contaminates a system, the attackers launch click-fraud operations wherein end-users automatically get diverted onto advertisements. The victims would hear random audio sounds through the speakers on their hijacked PCs, as different advertisements played behind screen.

Notably, Viknok executes several tricks for spreading infection, including the most effective one that involves abuse of CVE-2013-3600, the privilege escalation security flaw on Windows OS. With this exploit, Trojan.Viknok manages towards executing malicious software within kernel mode.

Researcher Andrea Lelli of Symantec says the threat aims at contaminating the rpcss.dll file, in order to have the malicious software run whenever Windows would start. SCMagazine.com published this, May 8, 2014.

The rpcss.dll are actually system files that when infected start downloading "Vikadclick" name of one more Windows Trojan whose activities let the operations of click fraud.

Security Response Manager Satnam Narang from Symantec stated that security investigators were yet examining to know the way destructors installed Viknok onto people's PCs, reported SCMagazine.com.

And given Trojan.Viknok's activity keeps on becoming widespread, it appears that the threat would get pretty common, therefore, according to Symantec, it'll keep monitoring the malware as closely as possible.

The security company ends by suggesting that users should deploy the most recent anti-virus solutions as well as security patches for updating their computers and thus have the best available safeguard.

» SPAMfighter News - 5/19/2014