Dangerous 'Vawtrak Banking Trojan' Harvesting Passwords Worldwide

10 replies to this topic

#1 NickAu, Bleepin' Fish Doctor (Moderator)

Posted 25 March 2015 - 03:36 PM

A security researcher has discovered some new features in Vawtrak, aka Neverquest, the most dangerous malware, that allow it to send and receive data through encrypted favicons distributed over the secured Tor network.

The researcher, Jakub Kroustek from the anti-virus firm AVG, has provided an in-depth analysis (PDF) of the new and complex set of features of the malware, which is considered to be one of the most dangerous threats in existence.

Vawtrak is a sophisticated piece of malware in terms of supported features. It is capable of stealing financial information and executing transactions from the compromised computer remotely without leaving traces. Its features include video and screenshot capture and launching man-in-the-middle attacks.

HOW VAWTRAK SPREADS?
The anti-virus firm AVG is warning users that it has discovered an ongoing campaign delivering Vawtrak to gain access to bank accounts visited by the victim, using the infamous Pony module to steal a wide range of victims' login credentials.

The Vawtrak Banking Trojan spreads in one of three ways:

  • Drive-by download – spam email attachments or links to compromised sites
  • Malware downloader – such as Zemot or Chaintor
  • Exploit kit – such as the Angler Exploit Kit

 

Dangerous 'Vawtrak Banking Trojan' Harvesting Passwords Worldwide



#2 quietman7, Bleepin' Janitor (Global Moderator)

Posted 25 March 2015 - 05:20 PM

Maybe they should send this to the Federal Reserve and publish the state of our true financial status. :whistle:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Sintharius, Bleepin' Sniper (Members)

Posted 25 March 2015 - 05:29 PM

Maybe they should send this to the Federal Reserve and publish the state of our true financial status. :whistle:

I can't tell if you are being serious or not, quietman7 :whistle:

#4 quietman7, Bleepin' Janitor (Global Moderator)

Posted 25 March 2015 - 05:47 PM

I edited my last reply (and your quote) to include the word "send" which I meant to include.

And yes, I was injecting a bit of humor... although I really would like to know the answer.

#5 Fremont PC (Members)

Posted 04 April 2015 - 04:47 PM

Quietman -

 

As with any fully fiat currency that floats on the foreign exchange, the USD has no intrinsic value and the Gov't doesn't have to obtain anything to back it, whether it "prints" 1 dollar or 1 billion. It's simply a fiat tax credit that accumulates in the private sector's bank accounts (yours, mine, biz, state and local gov'ts, foreign accounts). We haven't had the type of currency you refer to for going on half a century. That was a representative currency (backed by a fixed amount of gold, silver, etc.). That's how come "printing" $18T didn't cause hyperinflation (or much of any inflation). Now, if the Gov't put that 18T in the hands of people that intend to spend it, THEN it would have an impact on prices. As it is, most of it sits as excess reserves in the system and doesn't do much of anything, aside from giving politicians (who apparently think we still have the old style currency) something to scare the electorate with.



#6 quietman7, Bleepin' Janitor (Global Moderator)

Posted 04 April 2015 - 05:27 PM

As I said, I was injecting a bit of humor. For me to address your reply...that is a topic for another discussion in a different forum.

#7 Fremont PC (Members)

Posted 04 April 2015 - 09:01 PM

In the Speak Easy then, when it gets approved.



#8 Fremont PC (Members)

Posted 04 April 2015 - 09:31 PM

Back to the topic, I'm not seeing a ton of coverage of Vawtrak / Neverquest in the mainstream blogs. There's been some mention, for sure, but not like the Cryptos. Is the main distribution method spoofed emails, which seem to be so popular these days? The spoofers seem to be getting better at it; I haven't seen one lately that starts out "Darling MSN user" or the like.



#9 Aura, Bleepin' Special Ops (Malware Response Team)

Posted 05 April 2015 - 09:38 AM

The reason you don't see a lot of coverage on it, Fremont, is because it's not the only banking Trojan that exists; there are tons of them active and being covered. What you'll see covered is "banking Trojans" and not a single one at a time, unless one spreads so massively that it becomes a global threat, a bit like the GameOver ZeuS botnet. Other than that, these banking Trojans usually all spread the same ways (the ones mentioned in the article) and the protection advice against them generally stays the same. Imagine if there were a coverage campaign for every adware that exists. It would never end :P

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Fremont PC (Members)

Posted 05 April 2015 - 09:27 PM

Thanks, Aura. Makes sense.



#11 Aura, Bleepin' Special Ops (Malware Response Team)

Posted 06 April 2015 - 05:20 AM

No problem Fremont :)
