
Tuesday, November 26, 2013

Neverquest Trojan Targets Online Banking Users - Online banking faces a new threat - Securelist



Online banking faces a new threat

On July 18, 2013, the following post was published on a closed cybercriminal forum:

 

The author of this post was offering a malicious program that could be used to attack “about 100 banks” by seeding add-on code onto bank websites viewed with Internet Explorer and Mozilla Firefox, with VNC connections, and other ways to attack “any bank in any country.”

Kaspersky Lab immediately began to dig deeper, and discovered that the program the malicious users were offering was Trojan-Banker.Win32/64.Neverquest. By mid-November Kaspersky Lab had recorded several thousand attempted Neverquest infections all around the world. This threat is relatively new, and cybercriminals still aren’t using it to its full capacity. In light of Neverquest’s self-replication capabilities, the number of users attacked could increase considerably over a short period of time.

Skipping on down...

A webpage seeded with malicious content. All data that the user enters on this page will be transmitted to malicious users.

After gaining access to a user’s account with an online banking system, cybercriminals use a SOCKS server and connect remotely to the infected computer via a VNC server, then conduct transactions and wire money from the user to their own accounts, or — in order to keep the trail from leading directly to them — to the accounts of other victims.
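A defender-side check for the seeding described above, as an added example that is not part of the original post or the Securelist article: it compares a page as rendered in the browser with the bank's clean baseline and reports form fields, form actions and scripts the bank did not serve. The HTML samples, field names and paths are constructed for illustration.

```python
from html.parser import HTMLParser
import hashlib

class PageInventory(HTMLParser):
    """Collect the parts of a page that seeded code typically changes."""
    def __init__(self):
        super().__init__()
        self.items = set()
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input":
            self.items.add(("input", a.get("name") or ""))
        elif tag == "form":
            self.items.add(("form-action", a.get("action") or ""))
        elif tag == "script":
            if a.get("src"):
                self.items.add(("script-src", a["src"]))
            else:                      # inline script: fingerprint its body
                self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip().encode()
            self.items.add(("inline-script", hashlib.sha256(body).hexdigest()[:16]))
            self._in_script = False

def inventory(html):
    parser = PageInventory()
    parser.feed(html)
    parser.close()
    return parser.items

def injected_items(baseline_html, rendered_html):
    """Items present in the rendered page but absent from the clean baseline."""
    return sorted(inventory(rendered_html) - inventory(baseline_html))

# Constructed samples: the page as served, and the same page with an extra field and script.
BASELINE = ('<form action="/login"><input name="user"><input name="password"></form>'
            '<script src="/static/app.js"></script>')
RENDERED = ('<form action="/login"><input name="user"><input name="password">'
            '<input name="card_pin"></form><script src="/static/app.js"></script>'
            '<script>/* constructed placeholder for seeded code */</script>')
```

The rendered copy has to come from the browser's DOM on the user's machine, because the seeding happens there and the bank's server never sees the modified page.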

Another function helps malicious users replenish their list of targeted banks and develop code to be seeded on new websites that were previously not on the target list. This is done as follows:

  1. The configuration file contains a list of key words that, if they are found on a webpage in the browser, prompt the malicious program to intercept the process and send the full contents of the webpage and its URL to malicious users.
  2. Based on that received data, the malicious users then develop additional code to be seeded onto that website.
  3. The new website is then included on the list of targeted websites, and the new code is added to the arsenal of malicious scripts in the configuration file.
  4. The updated configuration file is then distributed to all infected computers.

The list of key words used to develop additional seeding code is:

Read More...
http://www.securelist.com/en/analysis/204792315/Online_banking_faces_a_new_threat
