
Vawtrak Trojan Now Increasingly Obscure by Employing Tor2Web, Finds Fortinet

The creators of the Vawtrak banking Trojan, also known as Snifula and Neverquest, are using Tor2Web to obscure their servers and make the malware's activity harder for security researchers to detect, says the security company Fortinet.

Until now, Vawtrak's techniques, such as stealing from banking websites, filching login credentials and breaking encryption, have been well documented. According to Fortinet, however, the Trojan now also conceals its servers with the help of Tor2Web so that it can evade detection much better.

Tor2Web makes it possible to use Tor's services without connecting directly to the network, which means that although people using the service can still be traced, the systems and servers relying on Tor can't.

Elaborating on this, Fortinet security researcher Raul Alvarez says that Vawtrak's source code contains a number of DWORD values that correspond to various domain names, Softpedia.com reported on June 9, 2015.

Alvarez says every DWORD value works as a seed used to produce its matching domain name. Because the seeds are fixed values stored inside the source code, they always generate the same pseudo-random domain names. To obtain any one of these domain names, Vawtrak uses the seed that corresponds to that name to generate its pseudo-random form.

Nevertheless, this method isn't foolproof, as it's possible to crack the algorithm and then find the strings it produces.

The malware has layers that help it get past anti-malware software, limit consents, and make sure it persists when the victim reboots the computer.

In 2014, Vawtrak first operated as a banking Trojan with multifaceted features. It then acquired the ability to inject into the Web, becoming adept at gathering PINs and Social Security numbers, before finally evolving to target retailers and social media in addition to banks.

To stay safe from Vawtrak infection, users need to be watchful when online, although the Trojan may still get in through other infection vectors without any direct interaction by the end-user. Hence, keeping anti-virus programs up to date is essential, regardless of whether the malware attempts to deactivate any anti-virus enabled on the host PC.
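The following sketch is an added example, not code from Fortinet or from Vawtrak: it shows why fixed seeds make the scheme enumerable, by precomputing every hostname a seed list can yield and matching them against DNS query logs. The generator is a stand-in LCG, and the seeds, gateway suffixes and log format are all assumptions constructed for illustration.

```python
# Added example. label_from_seed() is a stand-in LCG, NOT Vawtrak's algorithm.
# Seeds, gateway suffixes and log lines below are constructed/assumed.
MASK32 = 0xFFFFFFFF
SEEDS = [0x1A2B3C4D, 0x00C0FFEE, 0xDEADBEEF]   # constructed DWORD seeds
GATEWAYS = ["tor2web.org", "onion.to"]         # assumed Tor2Web gateway suffixes


def label_from_seed(seed: int, length: int = 12) -> str:
    """Derive a pseudo-random lowercase label from a 32-bit seed."""
    state = seed & MASK32
    chars = []
    for _ in range(length):
        state = (state * 1664525 + 1013904223) & MASK32
        chars.append(chr(ord("a") + (state >> 16) % 26))
    return "".join(chars)


def candidate_hosts(seeds, gateways):
    """Enumerate every hostname the fixed seeds can ever produce."""
    return {f"{label_from_seed(s)}.{g}" for s in seeds for g in gateways}


def parse_query(line: str):
    """Return (client_ip, name) from a 'ts client qtype name' log line."""
    parts = line.split()
    if len(parts) != 4:
        return None                      # skip malformed lines
    _ts, client, _qtype, name = parts
    return client, name.rstrip(".").lower()   # normalise case and root dot


def find_hits(log_lines, blocklist):
    """Return (client, name) pairs whose queried name is on the blocklist."""
    parsed = (parse_query(line) for line in log_lines)
    return [p for p in parsed if p and p[1] in blocklist]


# Constructed sample log: one benign query, one match (mixed case, trailing
# dot), one malformed line, one name from a seed that is not on the list.
SAMPLE_LOG = [
    "2015-06-09T10:00:01Z 10.0.0.5 A www.example.com",
    f"2015-06-09T10:00:02Z 10.0.0.7 A {label_from_seed(SEEDS[1]).upper()}.Tor2Web.org.",
    "malformed line",
    f"2015-06-09T10:00:03Z 10.0.0.9 A {label_from_seed(0x12345678)}.onion.to",
]

if __name__ == "__main__":
    for client, name in find_hits(SAMPLE_LOG, candidate_hosts(SEEDS, GATEWAYS)):
        print(client, name)
```

The last log line is not flagged because its seed is absent from the list, which is the limit of this approach: coverage is only as good as the recovered seeds and algorithm.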

» SPAMfighter News - 6/18/2015
