Multipurpose Necurs Trojan infects over 83,000 computers
Posted on 10.12.2012
The polivalent Necurs malware family has been wreaking havoc in November by infecting over 83,000 unique computers - and that are only the ones detected by Microsoft's solutions!

The Necurs Trojan is capable of:
  • Modifying the computer's registry in order to make itself start after every reboot.
  • Dropping additional components that prevents a large number of security applications from functioning correctly, including the ones manufactured by Avira, Kaspersky Lab, Symantec and Microsoft. According to Microsoft's researchers, Microsoft Security Essentials' real time protection option is often turned off after an infected computer has been rebooted.
  • Disabling the running firewall
  • Contacting a remote host for command and control instructions via HTTP port 80, and sometimes downloading and installing additional malware (mostly rogue AVs) and loading a malicious DLL component that allows attackers to send out spam via Gmail.
  • Creating a permanent backdoor into the system, which allows attackers to gain complete control of the affected computer.
Necurs uses MD5 and SHA1 to encrypt its network traffic data when sending or receiving, and contains a regularly updated driver that protects every Necurs component from being removed

According to Microsoft researchers, the current proliferation of this particular malware family is due to the fact that it is being distributed largely by drive-by download, from websites hosting a variety of exploit kits, including the ever-popular Blackhole.

Microsoft offers a handy document that explains the malware's characteristics, the symptoms that a computer infected with Necurs would show, tips on preventing getting infected and on removing the threat if one finds it on their computer.


DMARC: The time is right for email authentication

Posted on 23 January 2015.  |  The DMARC specification has emerged in the last couple years to pull together all the threads of email authentication technology under one roof—to standardize the method in which email is authenticated, and the manner in which reporting and policy enforcement is implemented.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Jan 26th