What is the Necurs downloader and the Necurs botnet?

Before we explain to you what the improvements made to this malware are, we must first take a moment to introduce you to the actual virus and what its main purposes are.

Necurs isn’t actually a virus that is supposed to directly harm your PC. Instead, it is a downloader type of virus which means that its main goal is to acquire boot persistence on the infected machine and to load other malware into the computer’s system. For instance, Necurs has oftentimes been reported to download the Locky Ransowmare on computers that have gotten infected by it.

The second main purpose of this malware is to gain telemetry data from the attacked PCs.

As far as the Necurs botnet is concerned, this is a network that consists of machines that have already been infected by the virus and that are now used to spread it to other users. Such malware behavior is reminiscent of some Trojan Horses, especially considering the ability of the virus to load other malware onto the targeted PC.

The improvements

Every software developer seeks to make their product better, more efficient and more effective. This also applies to malware creators as well. There are two main changes that the hackers behind Necurs have recently added to their virus program as reported by Symantec.

• The first main improvement is the addition of a screenshot function to Necurs . By adding a Powershell script to virus would now allow it to take a screenshot of the user’s screen and send it to the hacker’s server a few seconds later. The researchers at Symantec presume that the purpose of this feature is to provide the hackers behind the malware with more accurate information regarding the infected machine in order to determine of it represents a valuable environment for further infection with another virus. For instance, if the attacked PC is running a professional software for office use, then there’s high chance that the computer is connected to a network with other interconnected PCs which would all be vulnerable for further infection.
• The second addition to the Necurs downloader is an error-reporting utility. This function is supposed to detect errors and bugs coming from the malware and report them to the hacker. So far, though similar features have been seen on other malware viruses, this is presumably the first downloader type of malware to have an error-reporter. As for the purposes of this feature, it is actually pretty obvious why it must have been added. As we already mentioned, even malware developers want to improve their products and make them more effective and what better way to do that than having a built-in utility inside the program that would report any issues with it. After all, malware developers cannot count on user feedback, now can they?

Increasing activity

Symantec have also reported that throughout the past couple of months an increased activity by the Necurs virus has been detected. From June to October, the activity of this malware has increased four times! Currently, this virus seems to be predominantly used for the distribution of the Locky Ransomware and of a banking Trojan Horse known as TrickBot. In addition to that, as we already said above, Necurs also gathers telemetry data from infected PCs and sends the collected information to the hackers’ servers.

The post Necurs Malware Receives an Update appeared first on Malware Complaints.

It is widely-known that many software developers tend to collect data from their users. In the rapidly evolving world of technology, information is an expensive currency and everybody tries to get their hands on as much data as possible. Logically, this has lead to the introduction of a variety of methods for gathering personalized information from the customers. Such data can be used in a number of ways. One of the most common uses of personalized data such as browsing habits, interests, preferences, etc. has to do with the online marketing industry. Targeted advertising is a highly profitable business and the best way to ensure success is to have relevant data on as a big part of the virtual population as possible. Of course, there are other purposes of information gathered through telemetry such as relevant user feedback and opportunities for improvement.

Nowadays, telemetry procedures are carried out by a lot of websites, web services, mobile apps, PC programs and even Operating Systems. It is often disputed whether or not and to what extent telemetry is legal and acceptable. Currently, as long as the user is explicitly informed about what personal data is being collected, the telemetry is process should be considered in line with the law. Regardless, a lot of times it is difficult to put an actual, clear cut line between legal and illegal collection of user data leading to a lot of gray areas in this area of the legal virtual reality.

Win 10 telemetry and the Dutch government

One recent example of potential legal issues with regards to telemetry comes from the Netherlands’ authorities and their concern with the way Windows 10 and its browser – Microsoft Edge, obtain personal details from their users. According to the Dutch Data Protection authority (DPA), the customers who use Win 10 are not clearly and explicitly informed about what information the OS and the browser collect from them or how the said data is to be used afterwards. Apparently, this violates the national laws of the Netherlands and could lead to a legal dispute between the government of the country and Microsoft.

Currently, Microsoft is trying to resolve the issues that the DPA has pointed out so as to make their latest OS and its browser compliant with the national laws of the Netherlands. As stated by Marisa Rogers, Windows’ privacy officer, a number of improvements have been made towards making Windows 10 more privacy-oriented throughout the past years after the Operating System was launched and more are in the pipeline.

Windows 10 telemetry

Actually, the fact that Win 10 and Microsoft Edge gather personal data isn’t anything new. However, it must be noted out that the amount of data that gets collected by this OS is rather overwhelming. As pointed out by the DPA, Windows 10 monitors most of what you do on your PC, creating a detailed profile of your habits as a user. This includes the which Windows apps you use and how you use them as well as what you do online (if you are using Edge). Some aspects of Window’s telemetry can be controlled and even disabled by the user through the OS’s settings yet if the default settings are used, Microsoft would be collecting personalized data on their users.

The problem, as stated by the DPA, is that all of this is enabled by default and that the customer isn’t properly informed regarding what data is getting collected, how it is going to be used and how the telemetry feature can be disabled. However, even though Microsoft has agreed to cooperate, there are points from the DPA investigation and the final results that Microsoft disagrees with. A detailed of what aspects of the investigation are considered inaccurate can be found here, on this link.

Not the first time Microsoft has issues with a country’s government

This is certainly not the first instances of a country’s government having issues with the company’s politics, especially regarding Windows 10. As a matter of fact, there are quite a few examples where the national law of a country got violated by the way Windows 10 functions. Similar cooperations between Microsoft and the Swiss or the French governments were required so that Win 10 does not violate their national laws of virtual privacy. Also, a couple of months ago the German authorities finally won a legal struggle against Microsoft in relation to Windows 10 upgrades being installed without the user’s consent. You can find an article about that here.

The post Privacy violation by Windows 10 telemetry appeared first on Malware Complaints.