Editor's Note: This example shows just one method by which the trojan may be distributed. It may also be spread via emails with other content and via alternative vectors including social media and FTP.
Subject: Your UPS Invoice is Ready
This is an automatically generated email.
Please do not reply to this email address.
Dear UPS Customer,
New invoice(s) are available for the consolidated
payment plan(s) / account(s) enrolled in the UPS Billing Center
Please open attached file to view and pay your invoice.
(c) 2013 United Parcel Service of America, Inc. UPS, the
UPS brandmark, and the color brown are trademarks of United
Parcel Service of America, Inc. All rights reserved.
For more information on UPS's privacy practices, refer
Please do not reply directly to this e-mail. UPS will
not receive any reply message.
For questions or comments, visit Contact UPS.
Neverquest is a new banking trojan that spreads itself via social media, email and file transfer protocols. It possesses the capacity to recognize hundreds of online banking and other financial sites. When an infected user attempts to log in to one of the sites, the trojan reacts by activating itself and pilfering its victim’s credentials.
Symantec also reported on the threat, noting in a December 4, 2013 blog post:
There has been recent media coverage around a new online banking Trojan, publicly known as Neverquest. Once Neverquest infects a computer, the malware can modify content on banking websites opened in certain Internet browsers and can inject rogue forms into these sites. This allows attackers to steal login credentials from users. The threat can also let attackers take control of a compromised computer through a Virtual Network Computing (VNC) server. Neverquest can replicate itself by stealing login details and spamming out the Neverquest dropper, by accessing FTP servers to take credentials in order to distribute the malware with the Neutrino Exploit Kit and by obtaining social networking credentials to spread links to infected websites.
Thus, in this case, the circulating warnings are worth heeding. As always, people should use caution and common sense when opening attachments and following links in emails and social media posts. They should also ensure that they have up-to-date anti-virus and anti-malware protection on their computers and keep their operating system, browsers and other software updated.
Last updated: December 9, 2013