Trojan:Win32/Necurs

Trojan:Win32/Necurs is a threat identified by Microsoft Security Software. This is a typical malware that targets the core system of Windows in order to complete its tasks. Trojan:Win32/Necurs was made to execute a series of commands once it gets inside the system. It will gather data like system settings, Windows version, network configuration, and so on. Collected data will be sent to remote attacker for analysis.

Threat behavior

Installation

In general, system will get infected with Trojan:Win32/Necurs if malicious code is executed on the computer. Source of this trojan may vary due to the changing ways how it is deployed. Typically, spam email messages disguising as open letter from reputable institution are used to deceive recipients. Body of the message contains enticing phrases that tries to convince user into opening the attached file.

Malicious links from social media sites and instant messaging program are also seen as method used in distributing Trojan:Win32/Necurs. Illegally distributed software and media materials may also contain code that can lead to the infection of this malware.

How does this malware operate?

In order to run itself on Windows start-up, Trojan:Win32/Necurs will make a copy of itself under system files. Then, registry entry is created to call the file on each Windows boot-up. Apart from that, this malware will also drop non-malicious files on various folders of the compromised PC.

Trojan:Win32/Necurs occasionally connects to a remote host to execute tasks like the following:

  • Notify attacker on the new infection
  • Sends gathered data from the infected computer
  • Download and execute additional files including an updated version of the Trojan
  • Accept command from a remote attacker

Symptoms

There is not much obvious symptom from this malware. Trojan:Win32/Necurs operates silently in the background. However, Microsoft Security Software may alert you on the presence of this Trojan.

Versions of Trojan:Win32/Necurs
Version Name Alert Level Date Added
Trojan:Win32/Necurs.C Severe Oct. 245, 2023
Trojan:Win32/Necurs.A Severe Oct. 15, 2023

About the author

Leave a Comment

Your email address will not be published. Required fields are marked *