
Windows Registry now Providing Shelter to Destructive Kovter Malware

The Kovter Trojan can hide in the Windows registry and does not need to be stored on the computer's hard drive, Symantec claims. Its research reveals that Kovter's security-evading feature is akin to that of the Poweliks malware.

The malware was first discovered in 2013. Symantec's researchers detected version 2.0.3 of the malware in May 2015. It is among the most frequently updated and advanced of the malware families currently violating users' privacy.

The malware has continually changed its modus operandi and is able to adapt to the latest attack campaigns. It is advanced enough to dodge the security measures implemented to remove it.

Symantec states that the malware has borrowed its security evasion mechanism from Poweliks, because it likewise hides in the PC's registry.

What is Windows Registry?

It is a feature found only in the Microsoft Windows OS.

It is a database of all kinds of configuration data on the computer, such as user profiles, installed software and hardware, and other settings the user regularly relies on.

When Kovter hides in the registry, the infection persists longer on the machine and also serves as a gateway for other, more damaging malware.
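A registry-resident threat still has to be launched somehow, and the usual place to look is the autorun (Run/RunOnce) keys. The following audit script is an added example written for this article; it is not code from the article or from Symantec, and it is not a Kovter signature. The key list, the script-host pattern, the 1024-character length threshold and the non-printable-name check are this script's own assumed heuristics, chosen because fileless loaders commonly start a scripting host from an autorun value or embed a long payload directly in the registry. Run it in an elevated PowerShell session so HKLM is readable.

```powershell
# Added example (not from the article or Symantec): audit common autorun registry
# locations and flag values that look like fileless loaders.
# Assumptions: local machine, account able to read HKLM, heuristics are our own.

function Get-SuspiciousAutorun {
    $autorunKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    # Properties Get-ItemProperty adds for its own bookkeeping; they are not registry values.
    $metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    # Heuristic 1: a scripting/LOLBin host launched straight from an autorun value.
    $scriptHosts = 'mshta|powershell|wscript|cscript|rundll32|regsvr32'
    # Heuristic 2: a value far longer than any normal launch command (embedded payload).
    $maxLen = 1024

    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }

            $value = [string]$p.Value
            $flags = @()
            if ($value -match $scriptHosts) { $flags += 'script-host' }
            if ($value.Length -gt $maxLen)  { $flags += "long-value($($value.Length))" }
            # Heuristic 3: value names containing non-printable characters are hard to
            # inspect or delete with the usual tools and deserve a closer look.
            if ($p.Name -match '[^\x20-\x7E]') { $flags += 'non-printable-name' }

            if ($flags.Count -gt 0) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $p.Name
                    Flags   = ($flags -join ',')
                    Preview = $value.Substring(0, [Math]::Min(80, $value.Length))
                }
            }
        }
    }
}

# Usage: list flagged entries; an empty result means nothing matched the heuristics.
Get-SuspiciousAutorun | Format-Table -AutoSize
```

Treat a hit as a lead, not a verdict: legitimate software occasionally registers a script host under Run, so confirm what the command actually launches before removing anything. Extending the key list to the per-user and WOW6432Node variants, or to other autostart locations, is a matter of adding paths to the array.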

Kovter – A Facilitator of Click Fraud?

Kovter is equipped with powerful stealth features and is widely used for committing click fraud. Previous versions of Kovter went hand in hand with ransomware; however, Symantec states that the newly discovered version focuses solely on click fraud.

How is Kovter Distributed?

As for its method of penetrating computers, Symantec states that attackers distribute this version primarily through MS Word attachments in spam email and through malvertising campaigns.

Numerous exploit kits such as the Angler, Sweet Orange, Nuclear, Neutrino, etc., have been used to distribute this malware as well.

According to Symantec's analysis, 56% of affected users are in the US, 10% in the UK, 9% in Canada, 8% in Germany and 2% in Australia.

Researchers predict that

“The Kovter malware family has continually evolved since it was first discovered and shows no signs of leaving the threat landscape anytime soon.”

Symantec has also released a free removal tool for Trojan.Kovter to help users get rid of this malware.

Kovter malware was also found updating the Flash plugin to the latest version. The same malware was found in the hacked Yahoo Ad Network, infecting millions of devices with ransomware.

Source: Symantec, http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update
