Neverquest Trojan Targets Online Banking Users
Online banking faces a new threat
On July 18, 2013, the following post was published on a closed cybercriminal forum:
The author of this post was offering a malicious program that could be used to attack “about 100 banks” by seeding add-on code onto bank websites viewed with Internet Explorer and Mozilla Firefox, with VNC connections, and other ways to attack “any bank in any country.”
Kaspersky Lab immediately began to dig deeper, and discovered that the program the malicious users were offering was Trojan-Banker.Win32/64.Neverquest. By mid-November Kaspersky Lab had recorded several thousand attempted Neverquest infections all around the world. This threat is relatively new, and cybercriminals still aren’t using it to its full capacity. In light of Neverquest’s self-replication capabilities, the number of users attacked could increase considerably over a short period of time.
Skipping on down...
A webpage seeded with malicious content. All data that the user enters on this page will be transmitted to malicious users.
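
A defender-side way to spot the kind of seeded content described above, as an added example that is not part of the original article: it compares a captured page snapshot against a known-good baseline of script origins, form targets, field names and inline scripts. The function names, `bank.example`, `cdn.invalid`, the baseline and both HTML snippets are constructed assumptions.

```javascript
// Added example: audit a page snapshot against a known-good baseline.
// Pull every value of `attr` from `<tag ...>` elements in an HTML string.
function attrValues(html, tag, attr) {
  const tagRe = new RegExp(`<${tag}\\b[^>]*>`, 'gi');
  const attrRe = new RegExp(`\\s${attr}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const out = [];
  for (const m of html.matchAll(tagRe)) {
    const a = attrRe.exec(m[0]);
    if (a) out.push(a[1] ?? a[2] ?? a[3]);
  }
  return out;
}

// Bodies of <script> elements that have no src attribute.
function inlineScripts(html) {
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  return [...html.matchAll(re)]
    .filter((m) => !/\ssrc\s*=/i.test(m[1]) && m[2].trim() !== '')
    .map((m) => m[2].trim());
}

// Report every script, form target, field or inline script absent from the baseline.
function auditSnapshot(html, pageUrl, baseline) {
  const findings = [];
  const origin = (v) => { try { return new URL(v, pageUrl).origin; } catch { return 'invalid'; } };
  const flag = (kind, values, allowed, key = (v) => v) => {
    for (const v of values)
      if (!allowed.includes(key(v))) findings.push({ kind, value: v });
  };
  flag('script-src', attrValues(html, 'script', 'src'), baseline.scriptOrigins, origin);
  flag('form-action', attrValues(html, 'form', 'action'), baseline.formOrigins, origin);
  flag('input-name', attrValues(html, 'input', 'name'), baseline.inputNames);
  flag('inline-script', inlineScripts(html), baseline.inlineScripts);
  return findings;
}

// Constructed sample data (not taken from any real bank or sample).
const PAGE_URL = 'https://bank.example/login';
const BASELINE = {
  scriptOrigins: ['https://bank.example'], formOrigins: ['https://bank.example'],
  inputNames: ['username', 'password'], inlineScripts: [],
};
const CLEAN = `<form action="/session"><input name="username"><input name="password" type="password"></form>
<script src="/static/app.js"></script>`;
const SEEDED = `<form action="/session"><input name="username"><input name="password" type="password">
<input name="card_pin"></form><script src="/static/app.js"></script>
<script src="https://cdn.invalid/x.js"></script><script>/* constructed stand-in */</script>`;
console.log(auditSnapshot(SEEDED, PAGE_URL, BASELINE));
```

A check that runs inside an infected browser can itself be tampered with, so this is meant for snapshots captured for analysis rather than as an in-page control.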
After gaining access to a user’s account with an online banking system, cybercriminals use a SOCKS server and connect remotely to the infected computer via a VNC server, then conduct transactions and wire money from the user to their own accounts, or — in order to keep the trail from leading directly to them — to the accounts of other victims.
Another function helps malicious users replenish their list of targeted banks and develop code to be seeded on new websites that were previously not on the target list. This is done as follows:
- The configuration file contains a list of key words that, if they are found on a webpage in the browser, prompt the malicious program to intercept the process and send the full contents of the webpage and its URL to malicious users.
- Based on that received data, the malicious users then develop additional code to be seeded onto that website:
- The new website is then included on the list of targeted websites, and the new code is added to the arsenal of malicious scripts in the configuration file.
- The updated configuration file is then distributed to all infected computers.
The list of key words used to develop additional seeding code is:
Read More... http://www.securelist.com/en/analysis/204792315/Online_banking_faces_a_new_threat