New malware Neverquest threatens bank site security

Source: Internet
Author: User
Kaspersky recently discovered Neverquest, a new piece of malware that targets bank websites. By injecting code into bank web pages as the user views them in Internet Explorer or Firefox, Neverquest can attack roughly 100 banks, and using VNC and other methods it can attack any bank in any country. It supports every technique used in online banking attacks: web injection, remote system access, social engineering, and so on.

Neverquest's main functionality lives in a dynamic-link library that a helper program (a Trojan downloader or Trojan dropper) installs in the %appdata% folder as a file with a .dat extension (for example, Qevcxcw.dat). Because the command "regsvr32.exe /s [path to library]" is added under the registry key "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", the library is loaded automatically at every start. regsvr32 then calls the library's single exported function, which initializes the malware. The malware checks whether a copy of itself is already installed on the computer; if not, it starts a VNC server and sends its first request to the command center to obtain a configuration file. The configuration file is compressed with the aPLib library and encrypted with a key that is sent to the command center. It contains a set of malicious JavaScript files and a list of websites; the scripts are installed into the browser when IE or Firefox starts. When a user on an infected computer visits a website on that list, Neverquest takes control of the browser's connection to the site's server.

After obtaining the user's online banking account credentials, the attacker connects to the infected computer remotely through a SOCKS server and the VNC server, then carries out transactions: transferring the victim's money to the attacker's own account, or routing it through other victims' accounts to avoid suspicion.
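The persistence step above suggests a defender-side check: enumerate the values under the Run key and flag regsvr32 commands that silently register a non-DLL library from the user's AppData folder. This is an added example, not Kaspersky's or the article's code; the Run values it scans are constructed, and on a live system they would be read from the HKCU and HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" keys.

```python
"""Audit Run-key values for the regsvr32-from-AppData pattern the article describes.
Added example, not Kaspersky's or the article's code; sample values are constructed."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Shape: [path\]regsvr32[.exe] [/switches] <library>; the switch may be glued to the
# executable name, as in the article's "regsvr32.exe/s [path to library]".
REGSVR_RE = re.compile(
    r'^\s*"?(?P<exe>(?:[^"\s\\]*\\)*regsvr32(?:\.exe)?)"?'
    r'(?P<flags>(?:\s*/[a-z]+)*)'
    r'\s*"?(?P<target>[^"]+?)"?\s*$',
    re.IGNORECASE,
)

class Finding(NamedTuple):
    name: str                 # Run value name
    target: str               # library path handed to regsvr32
    reasons: Tuple[str, ...]  # indicators; empty means an ordinary COM registration

def assess_run_value(name: str, command: str) -> Optional[Finding]:
    """Return a Finding for regsvr32 commands, None for any other Run entry."""
    m = REGSVR_RE.match(command)
    if not m:
        return None
    target = m.group("target").strip()
    lowered = target.lower()
    flags = {f.lower() for f in re.findall(r"/[a-z]+", m.group("flags"), re.IGNORECASE)}
    reasons = []
    if "/s" in flags:
        reasons.append("silent registration (/s) suppresses regsvr32 dialogs")
    if "%appdata%" in lowered or "\\appdata\\" in lowered:
        reasons.append("library loaded from the user profile (AppData)")
    if not lowered.endswith((".dll", ".ocx", ".ax")):
        reasons.append("library lacks a COM server extension (e.g. .dat)")
    return Finding(name, target, tuple(reasons))

def suspicious_entries(run_values: Dict[str, str]) -> List[Finding]:
    """regsvr32 Run entries with at least two indicators, most indicators first."""
    findings = (assess_run_value(n, c) for n, c in run_values.items())
    hits = [f for f in findings if f and len(f.reasons) >= 2]
    return sorted(hits, key=lambda f: -len(f.reasons))

# Constructed Run-key contents: a tray app, a vendor COM registration, and one
# entry shaped like the article's persistence command.
SAMPLE_RUN_VALUES = {
    "SecurityHealth": r'"C:\Windows\System32\SecurityHealthSystray.exe"',
    "VendorCodec": r'C:\Windows\System32\regsvr32.exe /s "C:\Program Files\Vendor\codec.dll"',
    "Qevcxcw": r"regsvr32.exe/s C:\Users\alice\AppData\Roaming\Qevcxcw.dat",
}
if __name__ == "__main__":
    print(*suspicious_entries(SAMPLE_RUN_VALUES), sep="\n")
```

Only the constructed Qevcxcw entry is reported; the vendor registration has the /s switch alone and stays below the two-indicator threshold.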
Among the sites Neverquest targets is fidelity.com, the website of the US Fidelity Investment Group, one of the world's largest mutual fund companies; its site offers users many ways to manage their finances online. This lets the attackers not only transfer cash to their own accounts but also trade shares using the accounts and money of Neverquest victims.

Neverquest uses the same self-propagation method as Bredolab, malware Kaspersky Lab detected in 2009. It spreads in three ways:

1. Neverquest collects large amounts of data, including the credentials that programs use to access FTP servers. After these programs' data is stolen, the attackers use the Neutrino toolkit to propagate the malware further.

2. Neverquest steals data from the user's mail client during SMTP/POP sessions. Using this data, the attackers send large volumes of spam, made to look like official emails from various service providers, whose attachments are Trojan downloaders that then install Neverquest.

3. Neverquest steals the data of accounts on many popular social networking services.