Kovter Malware Improved With Features of Poweliks - Symantec

Softpedia.com reported on 25th September, 2015 stating that researchers of security firm Symantec have discovered a new version of Kovter Trojan, which now imitates the Poweliks malware and can live to your computer's registry without being stored into your hard drive.

Kovter which was first spotted in 2013, has been one of the most updated malware families available, continuously changing its MO (modus- operandi) adjusting to new hacking campaigns and to the security measures implemented to stop it.

Symantec says that starting with the version 2.0.3 of Kovter malware was first spotted in the wild during May 2015, the Trojan hired survival methods from Poweliks and can hide itself in the registry of PC.

The registry is a Windows-specific feature which is a database of data about user profiles, software, settings and hardware which are being used by Windows OS regularly.

Kovter lasts longer on infected machines and serves as an entry point for other additional serious infections by storing its code in the registry.

Symantec says that Kovter, in the past, has been known to go hand in hand with ransomware and now, in its deadlier form, Kovter is only focused on click-fraud.

The malware is being distributed through malvertisement campaigns aimed at adult and news websites. Moreover, many several exploit kits including Angler, Nuclear, Fiesta, Sweet Orange and Neutrino have seemingly been in conjunction with the malvertising. The latest method is using spam campaigns.

Although there are no indications to suggest that Kovter is targeting specific regions but Symantec feels that US is the most affected region besides UK, Germany, Japan, Canada and Australia.

It was expected that authors of other malware would implement the techniques used by Poweliks. With these updates, Kovter's association with ransomware no longer aligned with its silent and persistent nature. This has led Kovter to continue its click-fraud activities permitting the attackers to take advantage of Kovter's silent capabilities and potential endurance of infection. However, if the authors of malware feel that this business model is not profitable enough then they are still in a position to hold infected computers to ransom.

The Kovter malware family has consistently developed since it was first found and shows no signs of leaving the threat landscape anytime shortly.

» SPAMfighter News - 9/30/2015