Neverquest banking malware more dangerous than Zeus trojan

Jack

New Neverquest malware steals bank account logins and lets attackers access accounts through victims' computers.

For over five years, Zeus has been the undisputed king of banking malware. Once this trojan was loaded onto a victim's machine, it could:

  • Detect when the owner entered banking information into a web browser.
  • Steal passwords and other pertinent login information.
  • Encrypt the stolen information and send it to the attacker's specified servers.
Zeus was also one of the first pieces of malicious software to be sold under a license. For the right price, anyone could use it.



Zeus remains active today, but its source code was published online in 2011 and this cyberscourge has about run its course. Unfortunately, security experts are already sounding the alarm about a new piece of malware that makes Zeus look like a simpleton. Neverquest significantly raises the bar for online banking malware.



How Neverquest works


Like Zeus, Neverquest is a Trojan. Bad guys introduce Neverquest to the victim’s computer via social media, email, or file transfer. According to the security blog Threatpost, Neverquest replicates in a manner similar to the Bredolab botnet client:

"Bredolab malware used the same methods of distribution that Neverquest is currently using. Bredolab would eventually become the third most widely distributed piece of malware on the Internet."
Before it was shuttered, the Bredolab botnet consisted of 30 million computers. Why not use something that works?



If the victim’s computer is vulnerable to an exploit targeted by Neverquest’s trojan loader, the malware is installed. Then Neverquest starts paying attention to what the user is typing into their web browser. If a predetermined financial term is recognized, Neverquest checks the website domain name. Since Neverquest has hundreds of banking and financial institutions in its database, there’s a better than average chance Neverquest will be familiar with the banking website.



Once Neverquest recognizes a banking site, it will relay the login information back to the attackers’ command and control server. Once the victim's credentials are in the hands of the attackers, they will remotely control the victim's computer using VNC, log into the victim's banking website, and do one of the following:

  • Transfer money to different accounts
  • Change login credentials, locking out account owner
  • Write checks to money mules
And to make matters worse, banking sites are unable to distinguish the victim's login from that of the attacker using Neverquest.

Read more: http://www.techrepublic.com/blog/it...king-malware-more-dangerous-than-zeus-trojan/
 