For over 5 years, the Zeus Trojan was unquestionably the king of banking malware. Once the Trojan was loaded onto the victim's computer, it could:
- Identify when the user gave bank details to the web browser.
- Steal codes and other login information.
- Encrypt the stolen information and send it to the attacker's server.
Zeus was also the first malware to be sold under license. For the right price, anyone could use it.
Zeus remains active today, even though its code was published online in 2011. Unfortunately, security experts are already drawing attention to a new piece of malware that makes Zeus look like child's play. Neverquest raises the bar in online banking malware.
How does it work:
Like Zeus, Neverquest is a Trojan. The attacker introduces Neverquest to the victim's computer via social media, email, or a file transfer. According to the security blog Threatpost, Neverquest replicates similarly to the Bredolab botnet (before the Bredolab botnet was disbanded, it consisted of 30 million computers!).
If the victim's computer targeted by the Neverquest loader is vulnerable to an exploit, the malware is installed. Neverquest then begins to observe what the user types in the web browser. If it recognizes a predetermined financial term, it checks the website's domain name (Neverquest has hundreds of banking organizations in its database, so there is a high probability that it will recognize the bank's site).
As soon as Neverquest recognizes a bank site, it transfers the login information to the attacker's central server. Once the victim's credentials are in the attacker's hands, the attacker can control the victim's computer using any VNC program and log in to the victim's banking website, and is then able to transfer money and change the login details, 'locking out' the user.
One capability of Neverquest that Zeus did not have is that it can add a new bank site to its database. If the Trojan recognizes banking terms but not the domain, it sends the information back to the server, a new entry is created, and the update is then sent to all the infected computers.
Unfortunately, Neverquest is already available for sale. Unlike Zeus, which needed skilled operators, Neverquest can be used by any beginner with just what they bought.
"Threats like Neverquest require more than just a simple antivirus, users need a solution to secure their online transactions," Kaspersky said in a blog post. It is also reported that Neverquest is designed to steal data from various other sites besides banks, such as Facebook, Twitter, Skype, and Google.
We warmly thank SecTeam @ Walkin.