Corkow Trojan
Posted: February 14, 2014
| Ranking: | 4,314 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 2,401 |
| First Seen: | February 14, 2014 |
| Last Seen: | October 17, 2023 |
| OS(es) Affected: | Windows |
The Corkow Trojan is a multi-purpose spyware program with code partially 'borrowed' from Zeus. Like the Zeus Trojan, the Corkow Trojan includes several different ways of stealing privileged information, with a focus on your Web browser activities, banking activities and, unusually, Bitcoin transactions. By the current numbers, Eurasia is at the greatest risk of new Corkow Trojan attacks, but malware experts find the Corkow Trojan to be just as potentially threatening when deployed against PCs throughout the world. Finding and removing any Corkow Trojan calls for advanced anti-malware software combined with appropriate security techniques, all of which may be necessary to prevent your personal information from being leaked to criminals.
The Russian Problem: a Spyware Role Reversal
Previously, malware researchers saw different cases of advanced spyware programs avoiding attacks against Russia, most likely as a way for criminal coders to avoid any legal issues while residing in that very nation. The Corkow Trojan has taken the exact opposite stance, with its campaigns centering, in large part, on victimizing residents of Russia, with Ukraine as a distant second. Corkow Trojans are designed with expandability in mind, allowing criminals to add extra components in a modular fashion. Criminals often use this design model to distribute and 'rent out' versions of their threat to third-party criminals, who may distribute and use them for monthly fees. Variants of Fareit and the Pony botnet are examples of some of the modules that the Corkow Trojan may support, in addition to its innate functions.
As far as its inherent features go, malware experts have seen some significant information-stealing capabilities from the Corkow Trojan, including:
- The Corkow Trojan includes features for intercepting privileged financial information related to the iBank2 system (a financial transaction system most prominent in Russia and neighboring countries).
- Further targeting Russia, the Corkow Trojan also has a second module intended to compromise independent banking utilities for Sberbank.
- However, the Corkow Trojan also has more general interests than banking data. The Corkow Trojan collects your browser history, Web search terms and other Web browser-based information.
- Like any other advanced banking Trojan, the Corkow Trojan also has a keylogger function that captures typed information. This feature, while semi-redundant, also gives the Corkow Trojan access to any data that its other, more specific functions may have missed.
The Sleeping Spyware Awakens
The Corkow Trojan also has several functions besides the primary attacks listed above and shows some signs of being interested in targeting users of Bitcoin wallets, as well as Google Play developers. Another interesting quirk is the fact that, despite being several years old, the Corkow Trojan campaign experienced an extreme slump in the middle of 2012. However, that slump has long since subsided, and its purpose remains a mystery to be unraveled when its coders are, hopefully, brought to justice. Along with all of its aggressive features, the Corkow Trojan also includes features meant to keep it from being detected by both casual PC users and advanced threat analysis setups, so you shouldn't anticipate being able to notice a Corkow Trojan infection by eye.
With the Corkow Trojan including all of the usual risks of high-level spyware, along with some new dangers of its own, you should act to block and remove any Corkow Trojan from your PC as fast as possible. Rebooting through a safe USB device and then using updated anti-malware software to delete the Corkow Trojan completely is strongly advised. As a follow-up, malware experts would suggest changing passwords and any other information that may have been stolen by the Corkow Trojan before its removal from your machine.