Unexpected reboot: Necurs

From Botnets.fr
Revision as of 15:29, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

(Publication) Google search: [1]

Unexpected reboot: Necurs
Botnet Necurs
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012-12-06
Editor/Conference Microsoft
Link http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx blogs.technet.com (blogs.technet.com Archive copy)
Author Tim Liu
Type

Abstract

Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012.

Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole.

So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:

Download additional malware Hide its components Stop security applications from functioning In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs family write-up for the full details.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1261,
   editor = {Microsoft},
   author = {Tim Liu},
   title = {Unexpected reboot: Necurs},
   date = {06},
   month = Dec,
   year = {2012},
   howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx blogs.technet.com}},
 }