Posted: September 11, 2014
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
|First Seen:||September 11, 2014|
|Last Seen:||November 5, 2020|
Vawtrak, AKA Neverquest, is a banking Trojan, a form of spyware that focuses on stealing bank account information and potentially instigating illicit money transfers. Based on the Gozi family, Vawtrak is in active distribution and development, and recently was confirmed to be engaged in broadening its attacks to new regions of the world. Since Vawtrak is a sophisticated PC threat competing with the likes of Trojan Zeus and other, equally-infamous malware, malware researchers advise you to use anti-malware solutions for finding or deleting Vawtrak with as much alacrity as possible.
Another Trojan's Story: From E-mails to Empty Bank Accounts
Although its earlier attacks focused on Japan, Vawtrak has branched out into other regions, including such varied nations as the United States, Turkey and Australia. Thus far, its predominant distribution method uses Cutwail, a spam botnet Trojan that uses compromised PCs to send e-mail messages containing file attachments of the Vawtrak's installer. One format of spam used to install Vawtrak, although by no means the only one, disguises the payload to look like an official communication from AT&T, the Texas-based phone company.
Vawtrak's installation allows Vawtrak to proceed with Man-in-the-browser or MitB attacks similar to those of Trojan.Shylock, the Tatanga Trojan or Silon. These attacks let Vawtrak inject unsafe content into a Web browser, such as forms that request additional information from its victims. Vawtrak also may monitor information passively, capturing passwords, account user names and other data. Standard data-encrypting security has no effect on Vawtrak's current methods of harvesting information. With this information, third parties may initiate direct, illegal cash transfers.
While the above attacks especially are common issues for bank websites, malware researchers also saw Vawtrak broadening its targets to other data types. Prominent online gaming sites, shopping domains and social networks all are at equal risk of having their users' accounts compromised by Vawtrak.
Protecting Your PC from a Well-Protected Banking Trojan
Vawtrak shows clear evidence of being designed by professionals, and explicitly avoids conducting its network communications in ways that would allow PC security experts or Vawtrak's victims to gain access to useful data. Vawtrak also, like most spyware, is designed to be a stealth-based threat that shows few symptoms with any significant visibility, other than potentially unusual behavior from your Web browser on bank websites. Deleting Vawtrak always should be handled via anti-spyware tools with proven records against similar threats, rather than attempted manually.
With respect to the aftereffects of a Vawtrak-based compromise of an account, you should watch for unusual behavior, such as attempts to transfer money or initiate extra charges. However, safe e-mail-viewing behavior should provide substantial protection from Vawtrak's known distribution methods, and scanning dubious file attachments never should be treated as anything less than a non-negotiable element of keeping your computer secure.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Vawtrak may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.