Necurs : A Multipurpose Trojan

Necurs a multipurpose trojan is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012.

Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole.

Necurs Trojan is capable of:

• Modifying the computer's registry in order to make itself start after every reboot.
• Dropping additional components that prevents a large number of security applications from functioning correctly, including the ones manufactured by Avira, Kaspersky Lab, Symantec and Microsoft. According to Microsoft's researchers, Microsoft Security Essentials' real time protection option is often turned off after an infected computer has been rebooted.
• Disabling the running firewall
• Contacting a remote host for command and control instructions via HTTP port 80, and sometimes downloading and installing additional malware (mostly rogue AVs) and loading a malicious DLL component that allows attackers to send out spam via Gmail.
• Creating a permanent backdoor into the system, which allows attackers to gain complete control of the affected computer.

In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty.Necurs uses MD5 and SHA1 to encrypt its network traffic data when sending or receiving, and contains a regularly updated driver that protects every Necurs component from being removed .