Difference between revisions of "Unexpected reboot: Necurs"
m (1 revision imported) |
|||
| Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
| | |Botnet=Necurs, | ||
| | |Malware=, | ||
| | |ExploitKit=, | ||
| | |CCProtocol=, | ||
|Year=2012 | |||
| | |||
|Date=2012-12-06 | |Date=2012-12-06 | ||
|Editor=Microsoft | |Editor=Microsoft | ||
| | |Link=http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx | ||
| | |Author=Tim Liu, | ||
|Abstract=Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012. | |Abstract=Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012. | ||
| Line 23: | Line 19: | ||
Stop security applications from functioning | Stop security applications from functioning | ||
In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs family write-up for the full details. | In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs family write-up for the full details. | ||
| | |Document= | ||
|Malware | |Licence= | ||
| | |Video= | ||
| | |NomRevue=Malware Protection Center | ||
|Operation=, | |ISBN= | ||
|Keyword=, | |Page= | ||
|Operation=, | |||
|Keyword=, | |||
}} | }} | ||
Latest revision as of 23:28, 30 July 2015
(Publication) Google search: [1]
| Unexpected reboot: Necurs | |
|---|---|
| Botnet | Necurs |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-12-06 |
| Editor/Conference | Microsoft |
| Link | http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx (Archive copy) |
| Author | Tim Liu |
| Type | |
Abstract
“ Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012.
Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole.
So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:
Download additional malware Hide its components Stop security applications from functioning In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs family write-up for the full details.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1261,
editor = {Microsoft},
author = {Tim Liu},
title = {Unexpected reboot: Necurs},
date = {06},
month = Dec,
year = {2012},
howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx}},
}