Multipurpose Necurs Trojan infects over 83,000 computers
Posted on 10.12.2012
The polivalent Necurs malware family has been wreaking havoc in November by infecting over 83,000 unique computers - and that are only the ones detected by Microsoft's solutions!

The Necurs Trojan is capable of:
  • Modifying the computer's registry in order to make itself start after every reboot.
  • Dropping additional components that prevents a large number of security applications from functioning correctly, including the ones manufactured by Avira, Kaspersky Lab, Symantec and Microsoft. According to Microsoft's researchers, Microsoft Security Essentials' real time protection option is often turned off after an infected computer has been rebooted.
  • Disabling the running firewall
  • Contacting a remote host for command and control instructions via HTTP port 80, and sometimes downloading and installing additional malware (mostly rogue AVs) and loading a malicious DLL component that allows attackers to send out spam via Gmail.
  • Creating a permanent backdoor into the system, which allows attackers to gain complete control of the affected computer.
Necurs uses MD5 and SHA1 to encrypt its network traffic data when sending or receiving, and contains a regularly updated driver that protects every Necurs component from being removed

According to Microsoft researchers, the current proliferation of this particular malware family is due to the fact that it is being distributed largely by drive-by download, from websites hosting a variety of exploit kits, including the ever-popular Blackhole.

Microsoft offers a handy document that explains the malware's characteristics, the symptoms that a computer infected with Necurs would show, tips on preventing getting infected and on removing the threat if one finds it on their computer.






Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //