For over 5 years, the Trojan Zeus was undoubtedly the king of banking malware. Once the Trojan was loaded onto the victim's computer it could:
- Identify when the user gave bank details to the web browser.
- Steal codes and other login information.
- Encrypt stolen information and send it to the attacker's server.
Zeus was also the first malevolent software που πουλήθηκε με άδεια. Με την κατάλληλη price anyone could use it.
Zeus has remained active until today even though its code was published online at 2011. Unfortunately, security experts are already drawing attention to a new malware that makes them Zeus to look like a game. THE never quest raises the bar for online banking malware quite a bit.
How does it work:
Like Zeus, Neverquest is a Trojan. The attacker introduces Neverquest to the victim's computer via social media, email, or some file transfer. In accordance with security blog 'Threat post' o Neverquest replicates similarly to the Bredolab botnet (Before the Bredolab Botnet was disbanded it consisted of 30 million computers!).
Αν ο υπολογιστής του θύματος που έχει τεθεί στόχος από τον loader του Neverquest είναι εκτεθειμένος σε ένα exploit, το malware εγκαθίσταται. Τότε, ο Neverquest αρχίζει να παρατηρεί τι γράφει ο χρήστης στον web browser. Αν αναγνωρίσει κάποιο προκαθορισμένο οικονομικό όρο ελέγχει το domain name της by clicking here(Neverquest has hundreds of banking organizations in its database so there is a high probability that it will recognize the bank's site).
Once Neverquest recognizes a bank site, it will transfer the login information to the attacker's central server. Once the victim's credentials are in the attacker's hands, he will be able to control the victim's computer using any VNC program and connect to the victim's banking website where he will be able to transfer money and change login details. locking out the user.
One feature of Neverquest that Zeus did not have is that it can add new banking sites to its database. If the Trojan recognizes banking conditions but not the domain will send the information back to the server and create a new entry and then update all infected computers.
Unfortunately Neverquest is already available for sale. Unlike Zeus, who needed skilled pilots, Neverquest can be used by any beginner with what he bought.
"Threats like Neverquest require more than just a simple antivirus, users need a solution to secure their online transactions," Kaspersky said in a blog post. It is also reported that Neverquest is designed to steal data from various other sites besides banks, such as Facebook, Twitter, Skype, Google.
We thank her warmly SecTeam @ Walkin.