Unexpected reboot: Necurs
(Publication) Google search: [1]
| Unexpected reboot: Necurs | |
|---|---|
| Botnet | Necurs |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-12-06 |
| Editor/Conference | Microsoft |
| Link | http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx (Archive copy) |
| Author | Tim Liu |
| Type | |
Abstract
“ Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012.
Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole.
So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:
Download additional malware Hide its components Stop security applications from functioning In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs family write-up for the full details.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1261,
editor = {Microsoft},
author = {Tim Liu},
title = {Unexpected reboot: Necurs},
date = {06},
month = Dec,
year = {2012},
howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx}},
}