Posted: September 11, 2014

Threat Metric

Threat Level: 1/10
Infected PCs: 5
First Seen: September 11, 2014
Last Seen: November 5, 2020
OS(es) Affected: Windows

Vawtrak, AKA Neverquest, is a banking Trojan, a form of spyware that focuses on stealing bank account information and potentially instigating illicit money transfers. Based on the Gozi family, Vawtrak is in active distribution and development, and recently was confirmed to be broadening its attacks to new regions of the world. Since Vawtrak is a sophisticated PC threat competing with the likes of Trojan Zeus and other, equally infamous malware, malware researchers advise you to use anti-malware solutions for finding and deleting Vawtrak with as much alacrity as possible.

Another Trojan's Story: From E-mails to Empty Bank Accounts

Although its earlier attacks focused on Japan, Vawtrak has branched out into other regions, including such varied nations as the United States, Turkey and Australia. Thus far, its predominant distribution method uses Cutwail, a spam botnet Trojan that uses compromised PCs to send e-mail messages carrying Vawtrak's installer as a file attachment. One format of spam used to install Vawtrak, although by no means the only one, disguises the payload as an official communication from AT&T, the Texas-based phone company.

Once installed, Vawtrak can conduct Man-in-the-Browser (MitB) attacks similar to those of Trojan.Shylock, the Tatanga Trojan or Silon. These attacks let Vawtrak inject unsafe content into a Web browser, such as forms that request additional information from its victims. Vawtrak also may monitor information passively, capturing passwords, account user names and other data. Standard data-encrypting security has no effect on Vawtrak's current methods of harvesting information, since the data is captured inside the browser before the connection encrypts it. With this information, third parties may initiate direct, illegal cash transfers.
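A defender-side illustration of the form-injection behaviour described above, added here as an example that is not part of the original page or of any vendor's product: a bank's page knows which fields its login form legitimately contains, so any extra input present in the served DOM is a signal of MitB tampering. The HTML snippets, the field names, the `EXPECTED_LOGIN_FIELDS` allowlist and the small regex-based `extractInputNames` helper are all constructed for this illustration so the check runs under Node without a real browser DOM.

```javascript
// Added example (not from the original page): detecting form fields that a
// Man-in-the-Browser component injected into a login page. All sample HTML,
// field names and the allowlist below are constructed for illustration.

// Extract the `name` attribute of every <input> element in an HTML string.
// Constructed helper standing in for document.querySelectorAll('input').
function extractInputNames(html) {
  const names = [];
  const inputRe = /<input\b[^>]*>/gi;
  const nameRe = /\bname\s*=\s*["']([^"']+)["']/i;
  let match;
  while ((match = inputRe.exec(html)) !== null) {
    const n = nameRe.exec(match[0]);
    if (n) names.push(n[1]);
  }
  return names;
}

// Compare the inputs actually present against the allowlist the page expects.
// Returns the unexpected field names; an empty array means the form is clean.
function findInjectedFields(html, expectedNames) {
  const expected = new Set(expectedNames.map((s) => s.toLowerCase()));
  return extractInputNames(html).filter((n) => !expected.has(n.toLowerCase()));
}

// Constructed sample: the legitimate login form as the bank serves it.
const LEGITIMATE_FORM = `
<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf_token" value="abc">
  <input type="submit" value="Sign in">
</form>`;

// Constructed sample: the same form after an injection added fields asking
// the victim for data the bank never requests at login.
const TAMPERED_FORM = `
<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_pin">
  <input type="text" name="ssn">
  <input type="hidden" name="csrf_token" value="abc">
  <input type="submit" value="Sign in">
</form>`;

// Constructed allowlist: the only input names the login form should carry.
const EXPECTED_LOGIN_FIELDS = ['username', 'password', 'csrf_token'];

// Build the report a page script would post to a monitoring endpoint.
function integrityReport(html) {
  const injected = findInjectedFields(html, EXPECTED_LOGIN_FIELDS);
  return { tampered: injected.length > 0, injected };
}

console.log(integrityReport(LEGITIMATE_FORM)); // { tampered: false, injected: [] }
console.log(integrityReport(TAMPERED_FORM));   // { tampered: true, injected: [ 'card_pin', 'ssn' ] }
```

In a real deployment the page script would walk `document.forms` instead of a string and report to the bank's fraud-monitoring backend. Note the limitation: a MitB component that can rewrite the page can also disable or spoof a client-side check, so the more robust complement is server-side detection of POST requests carrying parameters the form never defined.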

While the attacks above are most common against bank websites, malware researchers also saw Vawtrak broadening its targets to other data types. Prominent online gaming sites, shopping domains and social networks all are at equal risk of having their users' accounts compromised by Vawtrak.

Protecting Your PC from a Well-Protected Banking Trojan

Vawtrak shows clear evidence of being designed by professionals, and explicitly avoids conducting its network communications in ways that would allow PC security experts or Vawtrak's victims to gain access to useful data. Like most spyware, Vawtrak also is designed as a stealth-based threat that shows few visible symptoms, other than potentially unusual behavior from your Web browser on bank websites. Deleting Vawtrak always should be handled via anti-spyware tools with proven records against similar threats, rather than attempted manually.

With respect to the aftereffects of a Vawtrak-based compromise of an account, you should watch for unusual behavior, such as attempts to transfer money or initiate extra charges. However, safe e-mail-viewing behavior should provide substantial protection from Vawtrak's known distribution methods, and scanning dubious file attachments never should be treated as anything less than a non-negotiable element of keeping your computer secure.

