

Kovter Malware Improved With Features of Poweliks - Symantec

Softpedia.com reported on 25th September, 2015 that researchers at security firm Symantec have discovered a new version of the Kovter Trojan, which now imitates the Poweliks malware and can live in your computer's registry without being stored on your hard drive.

Kovter, which was first spotted in 2013, has been one of the most frequently updated malware families, continuously changing its MO (modus operandi) to adjust to new hacking campaigns and to the security measures implemented to stop it.

Symantec says that starting with version 2.0.3 of the Kovter malware, which was first spotted in the wild during May 2015, the Trojan borrowed survival methods from Poweliks and can hide itself in the PC's registry.

The registry is a Windows-specific feature: a database of information about user profiles, software, settings and hardware that the Windows OS uses regularly.

By storing its code in the registry, Kovter lasts longer on infected machines and serves as an entry point for additional serious infections.

Symantec says that Kovter has in the past been known to go hand in hand with ransomware, and that now, in its deadlier form, it is focused only on click-fraud.

The malware is being distributed through malvertising campaigns aimed at adult and news websites. Moreover, several exploit kits, including Angler, Nuclear, Fiesta, Sweet Orange and Neutrino, have seemingly been used in conjunction with the malvertising. The latest method is spam campaigns.

Although there are no indications that Kovter is targeting specific regions, Symantec feels that the US is the most affected region, with the UK, Germany, Japan, Canada and Australia also affected.

It was expected that authors of other malware would implement the techniques used by Poweliks. With these updates, Kovter's association with ransomware no longer aligned with its silent and persistent nature. This has led Kovter to continue its click-fraud activities, permitting the attackers to take advantage of Kovter's silent capabilities and the potential endurance of the infection. However, if the malware's authors feel that this business model is not profitable enough, they are still in a position to hold infected computers to ransom.

The Kovter malware family has developed consistently since it was first found and shows no signs of leaving the threat landscape anytime soon.

» SPAMfighter News - 9/30/2015
