
RTKT_NECURS.RBC

Posted: April 10, 2014

Threat Metric

Threat Level: 9/10
Infected PCs: 42
First Seen: April 10, 2014
Last Seen: June 12, 2022
OS(es) Affected: Windows


RTKT_NECURS.RBC is a new spinoff of the Necurs family of rootkits, a family that could be described as prolific even three or four years ago. This most recent attack has been narrowed down to spam e-mail as the primary infection vector, with RTKT_NECURS.RBC being installed by a variant of a prominent banking Trojan, which is installed by a Trojan downloader that, in turn, is embedded in the e-mail message's file attachment. Since RTKT_NECURS.RBC can block any anti-malware solutions that could disinfect your PC, preventative defenses are crucial, and malware experts also warn that confidential banking information is particularly likely to be stolen by threats related to RTKT_NECURS.RBC.

The Latest Shape of the Recurring Necurs Rootkit

2012 saw a particular focus on Necurs rootkits, where they became especially widespread with help from attacks such as the Blackhole Exploit Kit, or Blacole. However, BEK's decline in popularity has led to third parties using other methods of distributing these rootkits. RTKT_NECURS.RBC is a particularly noteworthy example, since its installer is a major threat in and of itself: the banking Trojan, Trojan Zeus.

The attack begins with a spam e-mail that claims to carry a supposedly encrypted communication from a major bank chain. These MSG file attachments include additional, embedded MSG files, which may install a variant of the Trojan downloader, Upatre. Upatre then will install TSPY_ZBOT.YYKE, the Zeus variant. TSPY_ZBOT.YYKE then installs RTKT_NECURS.RBC, a rootkit whose design focuses on disabling essential security programs. Anti-virus, anti-malware and anti-spyware products by major brands, along with standard Microsoft security applications, are RTKT_NECURS.RBC's usual targets.

Both RTKT_NECURS.RBC and TSPY_ZBOT.YYKE may create backdoor vulnerabilities that allow outsiders to control your computer remotely. Other payloads from RTKT_NECURS.RBC may include installing rogue anti-malware products, sending spam messages or monitoring your network activity. Meanwhile, variants of Zbot also may target and track sensitive information, especially account passwords and other information associated with online banking activities.

Getting to the 'Rootkit' of the RTKT_NECURS.RBC Problem

Rootkits erect very specific barriers to disinfecting a compromised PC, and often require the use of a separate OS (typically one loaded through a CD or USB drive) to be deleted. The circumstances of RTKT_NECURS.RBC's installation also make it likely that most essential anti-malware tools may fail to launch until additional security steps are taken to block all active threats, including RTKT_NECURS.RBC, TSPY_ZBOT.YYKE and TROJ_UPATRE.YYKE (the Upatre variant). Until such a time, malware researchers recommend that you assume that your computer potentially is under the external control of unsafe entities.

While the risks posed by RTKT_NECURS.RBC rootkits certainly aren't very original, it is newsworthy that cybercrooks are continuing to develop new ways of delivering threats through e-mail. The utilization of social engineering to lure victims into installing threats personally is a double-edged sword: it requires your consent to launch the threat that, ultimately, is responsible for RTKT_NECURS.RBC, but it also allows canny PC users to avoid the attack entirely. As usual, malware researchers find that nothing good may come of opening strange file attachments from sources that haven't been verified for legitimacy.
