Vawtrak
Posted: September 11, 2014
| Threat Level: | 1/10 |
|---|---|
| Infected PCs: | 5 |
| First Seen: | September 11, 2014 |
| Last Seen: | November 5, 2020 |
| OS(es) Affected: | Windows |
Vawtrak, AKA Neverquest, is a banking Trojan, a form of spyware that focuses on stealing bank account information and potentially instigating illicit money transfers. Based on the Gozi family, Vawtrak is in active distribution and development, and was recently confirmed to be broadening its attacks to new regions of the world. Since Vawtrak is a sophisticated PC threat competing with the likes of Trojan Zeus and other equally infamous malware, malware researchers advise you to use anti-malware solutions for finding or deleting Vawtrak as quickly as possible.
Another Trojan's Story: From E-mails to Empty Bank Accounts
Although its earlier attacks focused on Japan, Vawtrak has branched out into other regions, including such varied nations as the United States, Turkey and Australia. Thus far, its predominant distribution method uses Cutwail, a spam botnet Trojan that uses compromised PCs to send e-mail messages carrying Vawtrak's installer as a file attachment. One format of spam used to install Vawtrak, although by no means the only one, disguises the payload to look like an official communication from AT&T, the Texas-based phone company.
Once installed, Vawtrak can proceed with man-in-the-browser (MitB) attacks similar to those of Trojan.Shylock, the Tatanga Trojan or Silon. These attacks let Vawtrak inject unsafe content into a Web browser, such as forms that request additional information from its victims. Vawtrak also may monitor information passively, capturing passwords, account user names and other data. Standard data-encrypting security has no effect on Vawtrak's current methods of harvesting information, because a man-in-the-browser attack reads and alters page content inside the browser itself, before the data is encrypted for transit. With this information, third parties may initiate direct, illegal cash transfers.
While the above attacks are especially common issues for bank websites, malware researchers also saw Vawtrak broadening its targets to other data types. Prominent online gaming sites, shopping domains and social networks all are at equal risk of having their users' accounts compromised by Vawtrak.
Protecting Your PC from a Well-Protected Banking Trojan
Vawtrak shows clear evidence of being designed by professionals, and explicitly avoids conducting its network communications in ways that would allow PC security experts or Vawtrak's victims to gain access to useful data. Like most spyware, Vawtrak is also designed to be a stealthy threat that shows few visible symptoms, other than potentially unusual behavior from your Web browser on bank websites. Deleting Vawtrak should always be handled via anti-spyware tools with proven records against similar threats, rather than attempted manually.
With respect to the aftereffects of a Vawtrak-based compromise of an account, you should watch for unusual behavior, such as attempts to transfer money or initiate extra charges. However, safe e-mail-viewing behavior should provide substantial protection from Vawtrak's known distribution methods, and scanning dubious file attachments should always be treated as a non-negotiable element of keeping your computer secure.