Neutrino virus points its daggers to point-of-sale terminals

Neutrino virus functions as a newly detected version of notorious Zeus virus which targets Windows OS. Indeed, there is the exploit kit operating under the same name. Along with other fellows, Angler, which is luckily terminated, facilitates the distribution of currently still invincible Cerber ransomware. Interestingly, the latter is associated with CryptoLocker campaign as well.
Speaking of former threat, Zeus trojan spread terror for its keylogging features which helped perpetrators steal sensitive information, specifically, bank account credentials. It emerged in 2007 after hacking US Department of Transportation. However, 2009 can be called the year of Zeus rampage.[1]
While its activity continuously had ceased, it did not vanish from the cyberspace. Inspired by the success and chaos wrecked by this malware, many crooks, particularly, tech support scammers[2] picked up the name for their malicious purposes. Likewise, dozens of PC and browser-based scams are entitled as “You have a Zeus” virus, “Windows detected Zeus virus,” “Windows Defender Alert Zeus virus,” etc.
Though all these scams or scareware, the genuine virus has made a move. Recently, one of its affiliated version, Panda Banker, has surfaced. Likewise, Neutrino threat defines the latest edition of this malware contrary to a well-known exploit kit. Taking into the dangers of malware, make a rush to remove Neutrino virus. Due to a complexity of this malware, automatic elimination might be a better solution. Thus, you might choose FortectIntego or MalwarebytesMalwarebytes or alternative application.
The virus comes to life again
With several crucial modifications, now the malware makes a diversion before revealing its genuine origin. The crooks did a great job by developing its anti-sandboxing features. In other words, even when after entering the device, it does not immediately connect to Command and Control server and does not give out any signs of vitality. This feature is determined by a number generator.
After a while, the infection finally connects to the remote server. In order to mislead he tracks, the request information is encrypted with the Base64 cipher. Even though the retrieved pages display 404 error message, the successful connection to the server is determined by marking the end of page URL with ZW50ZXI= string.[3]
It is programmed to take screenshots, open certain files, track processes. The new version is capable of altering registry files as well as entire branches of them. Finally, the most significant change suggests that now the virus targets point-of-sale terminals.
Distribution campaign
When it comes to trojans, botnets remain the main factor for expanding the network. They grant the ability to significantly boost the overall rate of trojans. Botnets monitor of hundreds of different IP address which facilitate Neutrino hijack or monitor web pages containing the infection.
At the moment, the malware comes by the name of Trojan-Banker.Win32.NeutrinoPOS. It is especially widespread in Russia[4] and Kazakhstan. However, due to these specifications, the threat might soon cross borders. Now, let us discuss Neutrino removal methods.
Neutrino threat elimination options
Despite how menacing this threat might seem, you can still remove Neutrino virus. Regarding the malware technical capabilities, it is naïve to expect to curb the infection manually. Thus, you may mobilize all your cyber security forces; an anti-virus application, anti-malware utility, and firewall, if you have one.
Then, you should be able to complete Neutrino removal. It is not surprising that you may not access the application as the malware meddles with the registry keys which results in fake system errors.
Was this guide helpful?
Be the first to comment