According to security researchers, a new Trojan program is expected to spread rapidly over the next few months. The Trojan program called Neverquest, discovered on a private cybercrime forum in July, targets online financial services users. Neverquest is financial malware designed to steal credentials on financial- related applications or websites. PCs and smartphones are both vulnerable to financial malware.
Neverquest-attempted infections were discovered all around the world, with several thousand attempts recorded by mid-November. Sergey Golovanov, a malware researcher at Kaspersky Lab, wrote in a blog post, “This threat is relatively new, and cybercriminals still aren’t using it to its full capacity. In light of Neverquest’s self-replication capabilities, the number of users attacked could increase considerably over a short period.”
Similar to other financial malware, Neverquest has the ability to change the content of websites inside Internet Explorer or Firefox. Often, the modification involves injecting rogue forms into them, to get usernames and passwords by the website’s users. The attacker can control infected computers remotely using virtual network computing.
Neverquest also includes features that are different from other financial malware. For example, the default configuration defines 28 targeted websites involving large international banks and online payment services. The malware also searches for the victim’s commonly visited webpages containing keywords such as balance, account summary, and checking account. This allows the attacker to discover new financial website targets and change the scripts for the malware.
Neverquest steals log-in credentials from file transfer protocol (FTP) client applications that have been installed onto the victim’s computer. With the FTP credentials, the attacker can infect websites using a Neutrino Exploit Kit. The exploit pack discovers vulnerabilities within browser plug-ins. When a user visits an infected website, the malware is downloaded onto the computer.
Neverquest also sends spam emails with malicious attachments. Often, these emails are designed to appear as official notifications from important services. According to Kaspersky Lab, consumers can expect many Neverquest attacks for the rest of 2013. Ultimately, users must be aware of the potential for these malware attacks and online cash theft.
Concerned? After the damage CryptoLocker caused, all businesses must be vigilant and have an up-to-date computer and network security plan in place. Does your business?
Are you at risk from having Neverquest or CryptoLocker strike your business?
Does your business in Houston have the right computer security or network security program in place? Many of your peers do not and CITOC is focused on ensuring the security of all businesses in Houston. Call (713) 490-5000 or email us today at firstname.lastname@example.org to book a no-obligation IT, computer and network security review with our team of IT experts.