Apparently, it can break into the accounts of about 100 different banks and uses just about every trick in the hacker’s handbook to do so. Moreover, there’s a widespread belief within the industry that it could do a lot of damage and potentially infect millions of vulnerable computers.
Twin-track malware attack
One method it adopts is to steal the passwords associated with different websites. Using the stolen passwords, it plants malicious code on these websites. People visiting an infected website can then be infected by clicking on a code-loaded link within the site. When this happens, the malware uses different techniques to infect the user’s computer.
Once in, it begins harvesting banking details such as user names and passwords, which are sent directly to the cyber crooks. They then aim to go directly to the bank and transfer money from the compromised accounts to the accounts they’ve set up to gather the cash.
It also has another modus operandi – lifting contact information from an infected user’s email account. The information is then gathered up and used to send out mass spam mailings with attachments containing malware designed to install the virus. The emails are supposedly designed to look like official notifications for a range of online services.
Malware is getting cleverer
Apparently, the code is also designed to detect when a user is on a banking website by identifying relevant phrases such as ‘account summary’ or ‘available balance.’ The malware then sends details back to the hackers, who will no doubt use them to extend their cash grab dragnet.
‘Neverquest’ was put up for sale on deep web hacker forums back in July by its creators. Criminal gangs have now bought it from the hackers, hence its rather sudden entrance into the mainstream internet.
Online identity theft on a large scale
While Neverquest has only recently been detected, it has apparently already attempted to infect thousands of computers. Because it uses so many attack vectors, industry experts reckon it could do some serious damage in terms of online identity theft, given that there are so many vulnerable computers out there.
There are claims that standard antivirus packages won’t detect it. At BullGuard we’ve run a check and it is picked up by our antivirus software. The software uses multiple layers of detection to not only identify and stop known viruses but also detect new viruses like Neverquest. If you’re not running antivirus software, do yourself a favour and check out this link for a free BullGuard virus scan. You could save yourself a whole world of trouble.
The Mother of all Malware does exist
On a separate note, you may have read our earlier blog on a Canadian security researcher who claimed his computers were being controlled by ultrasonic sound transmitted from computer speakers and microphones.
There was much speculation as to whether this airborne malware was possible, or whether it even existed, given that ‘airware’ code has never previously been discovered.
Let’s put this one to bed then. It does exist, at least as a proof-of-concept. Researchers at the Fraunhofer Institute for Communication, Information Processing, and Ergonomics in Germany managed to get computers to exchange inaudible broadcasts over distances of up to 65 feet. You can read all about it here. Hello brave new world.