NGRBot

NGRBot is a dangerous malware infection known for mimicking Skype to trick computer users into opening its malicious executable file. ESG security researchers observed that the NGRBot infection is being distributed in spam email messages containing what is supposed to be a Skype link. The link claims to lead the computer user to an image file, but it actually downloads a file named skype_09-10-12_image.exe. The EXE extension does not correspond to an image file; rather, this malicious executable installs NGRBot, also known as Dorgbot or Dorkbot. This particular variant of the NGRBot infection was first detected on October 6, 2012. It contains the same functionality as previous Dorkbot variants, plus an additional malicious module that allows this malware threat to steal sensitive data such as credit card details or login credentials for numerous websites.

The NGRBot infection contains a specific module that allows this threat to steal private information such as login credentials for popular websites and online accounts. By analyzing NGRBot's code, ESG security researchers have observed that NGRBot can steal the following private information:
  1. The NGRBot malware infection can detect web traffic involving credit card transactions. It is designed to steal credit card data as well as online banking information. NGRBot then transfers this data to a third party, which can use these credit card numbers to steal the victim's identity.
  2. NGRBot also contains a module that steals login information for popular webmail and social media services, such as Gmail, Facebook, Yahoo and Twitter.
  3. The NGRBot infection can also steal login information for popular pornographic websites (such as YouPorn and Brazzers) or for some of the largest private torrent websites (such as WhatCD or Torrentleech). This login information is then sold on shady websites and IRC networks.
  4. In fact, few websites are not included in NGRBot's list of potential theft targets. This malware infection will steal login credentials for websites ranging from eBay and PayPal to GoDaddy and Netflix, among many others.

Like most Dorkbot variants, NGRBot spreads via Skype and instant messaging services. It will send out messages from an infected computer that will typically read 'hey, have you seen this pic?' followed by a malicious link to the NGRBot executable. These messages can be sent out in dozens of different languages, allowing NGRBot to attack computers all around the world.
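The lure described above (a message promising a picture whose link ends in an executable such as skype_09-10-12_image.exe) can be screened for at a mail or chat gateway. The following is an added example, not code from ESG or from the original page; the extension list, the image-hint regex, the function names and the example.test URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse, unquote

# Extensions Windows will execute directly; illustrative, not exhaustive.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Tokens that make a file name look like a picture (assumed heuristic).
IMAGE_HINTS = re.compile(r"(image|img|photo|pic|foto|\.jpe?g|\.png|\.gif)", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def final_name(url):
    """Return the decoded last path segment of a URL, lower-cased."""
    path = unquote(urlparse(url).path)
    return path.rsplit("/", 1)[-1].lower()

def is_disguised_executable(url):
    """True when the linked file has an executable extension but an image-like name."""
    name = final_name(url).rstrip(". ")  # trailing dots/spaces are ignored by Windows
    dot = name.rfind(".")
    if dot <= 0:
        return False
    stem, ext = name[:dot], name[dot:]
    return ext in EXECUTABLE_EXT and bool(IMAGE_HINTS.search(stem))

def flag_messages(messages):
    """Return (message index, url) pairs for links that match the lure pattern."""
    hits = []
    for i, text in enumerate(messages):
        for url in URL_RE.findall(text):
            url = url.rstrip(".,)!?")  # drop sentence punctuation glued to the link
            if is_disguised_executable(url):
                hits.append((i, url))
    return hits

# Constructed sample messages; example.test is a reserved placeholder domain.
SAMPLE = [
    "hey, have you seen this pic? http://example.test/skype_09-10-12_image.exe",
    "holiday photo attached: https://example.test/album/beach.jpg",
    "installer is at https://example.test/downloads/setup.exe",
    "look: http://example.test/d/photo.jpg.scr?id=7",
]

if __name__ == "__main__":
    for idx, url in flag_messages(SAMPLE):
        print(f"message {idx}: suspicious link {url}")
```

The check keys on the mismatch between the image-like name and the executable extension, so an ordinary installer link is not flagged while a double-extension name such as photo.jpg.scr is.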

Type: Worms


NGRBot typically has the following process in memory:

skype_09-10-12_image.exe
