Trojan.viknok!inf
Posted: April 21, 2014
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 61 |
| First Seen: | April 21, 2014 |
|---|---|
| OS(es) Affected: | Windows |
Trojan.Viknok is a banking Trojan that gathers bank account credentials by monitoring your Web-browsing activity. Because of its predisposition for infecting normal Windows files and using semi-randomized file names, Trojan.Viknok is difficult to identify by sight, and even more difficult to remove without assistance by proper anti-malware tools. Considering Trojan.Viknok's potential for abusing personal account credentials, malware experts recommend deleting Trojan.Viknok immediately, and with utilities that can safely disinfect compromised system files.
The Trojan Grabbing Money from the Hands of Mother Russia
Although it is a long-distributed saying that Russians are used to hardships from their country, the development of threats like Trojan.Viknok gives Russian residents new reasons to worry about their online security at least as much as they worry about physical security. Even though Trojan.Viknok does not have the general file-infecting functions of a threat, Trojan.Viknok does subvert a normal Windows file, rpcss.dll, by injecting threatening code into it. From that point, Trojan.Viknok may launch automatically and proceed with the other attacks observed by malware researchers:
- Trojan.Viknok disables certain security programs by detecting and terminating their memory processes. As usual, major brands of anti-malware, anti-virus and anti-spyware vendors especially are targeted.
- Trojan.Viknok constantly monitors major Windows browsers, including Internet Explorer, Opera, Firefox and Chrome. Any traffic related to various PC security domains, anti-malware domains or e-mail domains also will be monitored specifically. Interestingly, the latter two types of websites are limited to Russian domains (denoted by the .ru suffix).
- Lastly, Trojan.Viknok also maintains a standard backdoor connection to any of several C&C servers.
Trojan.Viknok harvests any confidential account-related data that's accessible in these website interactions. The banking Trojan then transfers the stolen data to its Command & Control server. Malware experts usually find that these attacks result in fraudulent bank account transactions although the consequences of Trojan.Viknok infections may not be immediately obvious.
Keeping Trojan.Viknok from Creeping into Your Bank Account
The Windows system folder conceals Trojan.Viknok's components, and, by using randomized file names, they make it difficult to detect them without proper anti-malware equipment – which Trojan.Viknok may disable. In cases where threats like Trojan.Viknok is interfering with the launch of needed anti-malware tools, you should boot your PC in Safe Mode or use other procedures that are known for disabling auto-launching threats. While removing Trojan.Viknok is strongly encouraged, malware experts must warn all readers that attempting to delete files infected by Trojan.Viknok may harm the Windows OS.
Trojan.Viknok was first identified in 2013. Its current distribution methods are under investigation. Previously, malware experts saw many banking Trojans distributed through the help from other PC threats, including exploit kits and Trojan droppers. Careful browsing habits can help avoid many of these dangers, but live anti-malware protection also should be able to block their attacks when appropriate. Regardless, it has become clear that Russia's unique status in the criminal underworld has not granted it immunity to banking Trojans.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.