
Trojan.viknok!inf

Posted: April 21, 2014

Threat Metric

Threat Level: 9/10
Infected PCs: 61
First Seen: April 21, 2014
OS(es) Affected: Windows


Trojan.Viknok is a banking Trojan that gathers bank account credentials by monitoring your Web-browsing activity. Because it infects normal Windows files and uses semi-randomized file names, Trojan.Viknok is difficult to identify by sight, and even more difficult to remove without the help of proper anti-malware tools. Considering Trojan.Viknok's potential for abusing personal account credentials, malware experts recommend deleting Trojan.Viknok immediately, using utilities that can safely disinfect compromised system files.

The Trojan Grabbing Money from the Hands of Mother Russia

Although it is a long-standing saying that Russians are used to hardships from their country, the development of threats like Trojan.Viknok gives Russian residents new reasons to worry about their online security at least as much as they worry about physical security. Although Trojan.Viknok does not have general file-infecting functions, it does subvert a normal Windows file, rpcss.dll, by injecting malicious code into it. From that point, Trojan.Viknok may launch automatically and proceed with the other attacks observed by malware researchers:

  • Trojan.Viknok disables certain security programs by detecting and terminating their running processes. As usual, major brands of anti-malware, anti-virus and anti-spyware products are especially targeted.
  • Trojan.Viknok constantly monitors major Windows browsers, including Internet Explorer, Opera, Firefox and Chrome. Any traffic related to various PC security domains, anti-malware domains or e-mail domains is also monitored specifically. Interestingly, the latter two types of websites are limited to Russian domains (denoted by the .ru suffix).
  • Lastly, Trojan.Viknok also maintains a standard backdoor connection to any of several C&C servers.

Trojan.Viknok harvests any confidential account-related data that's accessible in these website interactions. The banking Trojan then transfers the stolen data to its Command & Control server. Malware experts usually find that these attacks result in fraudulent bank account transactions, although the consequences of Trojan.Viknok infections may not be immediately obvious.

Keeping Trojan.Viknok from Creeping into Your Bank Account

Trojan.Viknok's components are concealed in the Windows system folder, and their randomized file names make them difficult to detect without proper anti-malware tools, which Trojan.Viknok may disable. In cases where threats like Trojan.Viknok are interfering with the launch of needed anti-malware tools, you should boot your PC in Safe Mode or use other procedures that are known for disabling auto-launching threats. While removing Trojan.Viknok is strongly encouraged, malware experts must warn all readers that attempting to delete files infected by Trojan.Viknok may harm the Windows OS.

Trojan.Viknok was first identified in 2013. Its current distribution methods are under investigation. Previously, malware experts saw many banking Trojans distributed with the help of other PC threats, including exploit kits and Trojan droppers. Careful browsing habits can help avoid many of these dangers, but live anti-malware protection should also be able to block their attacks when appropriate. Regardless, it has become clear that Russia's unique status in the criminal underworld has not granted it immunity to banking Trojans.
