
Neverquest Trojan in New Updated Version Discovered

During November 2014, security researchers detected the notorious Neverquest Trojan in a new, upgraded form attacking Web surfers, especially in North America, with comparatively fewer instances in Europe, followed by Asia.

The security experts discovered that the new Neverquest version, also dubbed Vawtrak, is delivered through a number of malware installers, Zemot being one of them.

Zemot belongs to the Upatre group of malicious programs, which the operators of the Kuluoz/Asprox botnet have used many times to push additional malware onto infected PCs.

The researchers, who are from IBM Trusteer, noticed that the latest version of Neverquest features a changed malware installation procedure, and that messages exchanged with its command-and-control (CnC) systems are now carried through the Tor2web proxy network.

Because Neverquest's CnC systems sit inside Tor, communications over the network are encrypted and randomized. That provides anonymity, which in turn helps the cyber-crooks shield their operations from security systems.

Ilya Kolmanovich, Threat Engineer at Trusteer, points out that besides using Zemot and the Asprox botnet to distribute the latest Neverquest, the Trojan is also served via attack toolkits in drive-by attacks, Securityweek.com reported on December 6, 2014.

The investigators found that in the changed installation procedure, the installer drops the DLL module of the Neverquest variant and then runs it using regsvr32.exe, the utility that registers DLL files in the registry as command components.

After this, Neverquest copies itself into the %ProgramData% or the %AppData% directory, depending on the operating system (OS) running on the infected computer. Finally, it uses the "CreateRemoteThread" function to inject the malicious code into Explorer.exe, a legitimate Windows process.

To evade security solutions, Neverquest's authors use two techniques. One is a "recurring runkey," which overwrites an entry in the Windows registry to keep the malware persistent on the host. The other is a "watchdog," which recreates vital functions if the original ones are terminated.
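The behaviours described above map onto three endpoint telemetry checks. The following is an added example, not code from the article or from IBM Trusteer: the event fields are modelled on Sysmon event IDs 1, 8 and 13, and the sample events, the name "Xyzw" and the rewrite threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed, simplified Sysmon-style events; names such as "Xyzw" are made up.
RUN_WRITE = {"id": 13,
             "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Xyzw",
             "Details": r'regsvr32.exe "C:\ProgramData\Xyzw\Xyzw.dll"'}
EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\ProgramData\Xyzw\Xyzw.dll"'},
    {"id": 1, "Image": r"C:\Windows\System32\regsvr32.exe",   # benign registration
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\msxml6.dll"},
    {"id": 8, "SourceImage": r"C:\Windows\System32\regsvr32.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"id": 13, "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Program Files\Vendor\updater.exe"'},     # benign autorun
] + [RUN_WRITE] * 3   # the same Run value rewritten three times

USER_DIR = re.compile(r"\\(programdata|appdata)\\", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run\\", re.I)

def exe_name(path):
    return path.lower().rsplit("\\", 1)[-1]

def detect(events, rewrite_threshold=3):
    """Return (rule, evidence) pairs for the behaviours described in the article."""
    findings, run_writes = [], Counter()
    for ev in events:
        if ev["id"] == 1:      # process creation
            if exe_name(ev["Image"]) == "regsvr32.exe" and USER_DIR.search(ev["CommandLine"]):
                findings.append(("regsvr32_user_dir_dll", ev["CommandLine"]))
        elif ev["id"] == 8:    # CreateRemoteThread
            if exe_name(ev["TargetImage"]) == "explorer.exe":
                findings.append(("remote_thread_into_explorer", ev["SourceImage"]))
        elif ev["id"] == 13:   # registry value set
            if RUN_KEY.search(ev["TargetObject"]) and USER_DIR.search(ev["Details"]):
                run_writes[ev["TargetObject"]] += 1
    for key, count in run_writes.items():
        if count >= rewrite_threshold:
            findings.append(("recurring_run_key", key))
    return findings

if __name__ == "__main__":
    for rule, evidence in detect(EVENTS):
        print(rule, "->", evidence)
```

Each rule is a heuristic on its own; the combination of all three on one host within a short window is the stronger signal.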

Indeed, Neverquest evolved many times during 2013, and each time it remained able to bypass newer and more effective security products, IBM Trusteer concludes.

» SPAMfighter News - 12/17/2014
