Trojan-Spy.Win32.Lurk
Threat Scorecard
Ranking: 3,328
Threat Level: 20% (Normal)
Infected Computers: 7,023
First Seen: April 13, 2012
Last Seen: September 18, 2023
OS(es) Affected: Windows
If all malware infections have one thing in common, it is that they require installing a malicious file on the victim's computer system. When this file is executed, it delivers its payload and carries out its harmful activities on the infected computer. However, ESG malware analysts have observed that the Trojan-Spy.Win32.Lurk Trojan, also commonly known as Lurk, uses an infection strategy that forgoes this step completely. Malware analysts have reported that this tactic is not only innovative but also quite rare. The infection was found to be capable of inserting an encrypted DLL (Dynamic Link Library) straight into the memory of the javaw.exe process on the victim's computer system. This means that the attack is capable of targeting both Mac OS X and Windows operating systems and that it is also capable of circumventing detection by common security programs.
Once Trojan-Spy.Win32.Lurk has infiltrated the victim's computer system, it can use an exploit that uses User Account Control (UAC) to install itself on the victim's computer. This Trojan has several dangerous functions, the most dangerous of which is connecting the infected computer system to the Lurk botnet and then using it as part of coordinated attacks with other infected computer systems. Because the Trojan-Spy.Win32.Lurk infection process takes place in RAM (Random Access Memory), it can take place without an actual file and would be gone once the infected computer reboots.
Trojan-Spy.Win32.Lurk Uses a Known Java Vulnerability to Carry Out Its Attack
The CVE-2011-3544 Java vulnerability is not new to PC security analysts and is used to carry out the initial Trojan-Spy.Win32.Lurk attack on the victim's computer system. Once installed, Trojan-Spy.Win32.Lurk seems to be a banking Trojan specifically engineered to gather passwords and account details for some of the most important banks in the Russian Federation and Eastern Europe. To avoid becoming infected, ESG security analysts strongly advise downloading the latest updates to the Java Runtime Environment to ensure that the vulnerability that Trojan-Spy.Win32.Lurk exploits is patched. ESG malware analysts also warn that attacks of this kind, which avoid installing a malicious file on the victim's hard drive, will probably be used in the future by other malware threats, and they advise computer users to stay away from websites generally considered to be unsafe, such as those with pornographic material or involved in illegal file sharing.
URLs
Trojan-Spy.Win32.Lurk may call the following URLs:
news-themes.com