Tuesday, December 11, 2012

Necurs Trojan Distributed via Drive-by-Download Attacks

Users who don’t follow the best computer security practices run the risk of having their PC infected by a variant of Trojan:Win32/Necurs (“Necurs”), warn Microsoft security researchers.

Over 83,427 unique computers were reported to be infected by variants of the Necurs Trojan in November. The large number of infections is likely due to the fact that the Trojan is silently installed on computers via drive-by-download attacks whenever end users visit a malicious site housing an exploit kit, such as the widely used Blackhole exploit pack.

Once installed on a computer, the Necurs Trojan will modify registry keys to ensure it starts whenever the system is booted, download components that will prevent a variety of legitimate antivirus solutions from functioning properly, download additional malware including rogue security software, open a backdoor to give attackers remote access to the system, and more.

Keeping Your PC Safe from Trojan:Win32/Necurs

To minimize the chances of infection, Microsoft recommends that users:

  • Keep their operating system fully patched and up-to-date to close security holes that may be exploited in drive-by-download attacks.

  • Use antivirus software and always keep the virus definitions current. (Microsoft, ESET & Kaspersky all offer antivirus capable of detecting, blocking and/or removing this threat.)

  • Exercise caution when following shortened URLs or clicking links within emails.

  • Do not download or open files attached to suspicious emails.

  • Enable a firewall on their computer.

  • Use a Windows account with limited user privileges.

Removing Trojan:Win32/Necurs

If you suspect that your system may have been compromised by the Necurs Trojan, run a full system scan using an up-to-date antivirus. The following vendors are known to offer security solutions capable of detecting & removing this threat:

  • Microsoft (detected as Trojan:Win32/Necurs)

  • ESET (detected as Win32/TrojanDownloader.Necurs.B)

  • Kaspersky (detected as Trojan-Dropper.Win32.Necurs.va)
