A new version of the Neutrino Bot (also known as Kasidet) was discovered, the new iteration can cause potent damage against the infected computers.
Neutrino Bot Updated
Malware researchers have indicated that there is a new release of the infamous Neutrino Bot. The infamous malware which was responsible for a lot of infections last years is now being distributed via a large-scale spam email campaigns to computer users located in the USA. As expected the Neutrino Exploit Kit is being used as the platform of choice for the preparation and organization of the attacks. The infections follows a standard pattern:
When the user interacts with the malicious payload the first stage is the fingerprint check. The virus engine checks if the victim environment is not a sandbox or virtual machine and scans for any running or installed network capture programs or security solutions. The virus infection does not proceed if any of these two criteria is met.
The virus drops the malicious payloads to the infected host and proceeds further.
The virus features advanced stealth protection additions against virtual machines, honeypots and sandbox environments. If such instances are detected the malware deletes itself. Furthermore the virus developers behind it have also added the signatures of various security solutions such as anti-virus and anti-malware programs. Neutrino Bot creates a persistent environment for itself by adding a startup entry with the Windows Task Scheduler. Several modifications are also done to the registry by adding new entries and values. To further the dangerous system modifications, Neutrino also adds itself to the firewall’s white list and to the exclusions list of Windows Defender.
The malware features several layers of encryption and obfuscation which makes detection difficult. It is used to deliver various types of dangerous malware such as ransomware to the infected computer. The Neutrino Bot is a popular and dangerous hacking tool which has already been used in active campaigns. The fact that this in an updated version means that a lot of hackers and malicious collectives are using it to attack targets globally.
As always computer users can protect themselves by using a quality anti-malware solution which is able to both detect, remove and protect them against all forms of viruses.