
Trojan-Spy.Win32.Lurk

By LoneStar in Mac Malware, Trojans

Threat Scorecard

Ranking: 3,328
Threat Level: 20 % (Normal)
Infected Computers: 7,023
First Seen: April 13, 2012
Last Seen: September 18, 2023
OS(es) Affected: Windows

If all malware infections have one thing in common, it is that they require installing a malicious file on the victim's computer system. When this file is executed, it delivers its payload and carries out its harmful activities on the infected computer. However, ESG malware analysts have observed that the Trojan-Spy.Win32.Lurk Trojan, also commonly known as Lurk, uses an infection strategy that forgoes this step completely. Malware analysts have reported that this tactic is not only innovative but also quite rare. This malware infection was found to be capable of inserting an encrypted DLL (Dynamic Link Library) straight into the memory of the javaw.exe process on the victim's computer system. This means that the attack is capable of targeting both Mac OS X and Windows operating systems and that it is also capable of circumventing detection by common security programs.

Once Trojan-Spy.Win32.Lurk has infiltrated the victim's computer system, it can use an exploit involving User Account Control to install itself on the victim's computer. This Trojan has several dangerous functions, the most dangerous of which is connecting the infected computer system to the Lurk botnet and then using it as part of coordinated attacks with other infected computer systems. Because the Trojan-Spy.Win32.Lurk infection process takes place in RAM (Random Access Memory), it can take place without an actual file and would be gone once the infected computer reboots.

Trojan-Spy.Win32.Lurk Uses a Known Java Vulnerability to Carry Out Its Attack

The CVE-2011-3544 Java vulnerability is not new to PC security analysts, and it is used to carry out the initial Trojan-Spy.Win32.Lurk attack on the victim's computer system. Once installed, Trojan-Spy.Win32.Lurk seems to be a banking Trojan specifically engineered to gather passwords and account details for some of the most important banks in the Russian Federation and Eastern Europe. To avoid becoming infected, ESG security analysts strongly advise downloading the latest updates to the Java Runtime Environment to ensure that the vulnerability that Trojan-Spy.Win32.Lurk exploits is patched. ESG malware analysts also warn that attacks of this kind, which avoid installing a malicious file on the victim's hard drive, will probably be used in the future by other malware threats, and advise computer users to stay away from websites generally considered to be unsafe, such as those with pornographic material or involved in illegal file sharing.

URLs

Trojan-Spy.Win32.Lurk may call the following URLs:

news-themes.com
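
Because the infection described above runs only in memory and leaves no file to scan, network logs are one of the few places it leaves a trace. The following is an added example, not code from ESG or the original page: it scans proxy-style log lines for the domain listed above and raises the severity when the requesting process is the Java launcher javaw.exe. The log line format, the sample lines and all function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

INDICATOR_DOMAINS = {"news-themes.com"}  # domain listed on this page
INJECTED_PROCESS = "javaw.exe"           # Java launcher process (assumed name in logs)

def host_of(target):
    """Return the lowercase hostname from a URL or bare host[:port] string."""
    if "://" not in target:
        target = "//" + target           # make urlsplit parse it as a netloc
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:                   # e.g. malformed bracketed address
        return ""
    return host.rstrip(".").lower()      # drop the trailing root dot

def matches_indicator(host):
    """True for an indicator domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in INDICATOR_DOMAINS)

def scan(lines):
    """Return (severity, line) pairs for lines that contact an indicator domain.

    Assumed line format: '<timestamp> <client-ip> <process> <url-or-host>'.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                     # skip malformed lines
        process, target = parts[2], parts[3]
        if matches_indicator(host_of(target)):
            sev = "high" if process.lower() == INJECTED_PROCESS else "medium"
            hits.append((sev, line))
    return hits

# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2012-04-13T10:02:11Z 10.0.0.21 javaw.exe http://news-themes.com/",
    "2012-04-13T10:02:15Z 10.0.0.21 iexplore.exe http://cdn.news-themes.com/",
    "2012-04-13T10:03:40Z 10.0.0.35 chrome.exe http://news-themes.com.example.net/",
    "2012-04-13T10:04:02Z 10.0.0.35 javaw.exe http://fakenews-themes.com/",
    "2012-04-13T10:05:19Z 10.0.0.40 JAVAW.EXE NEWS-THEMES.COM.:80",
]

if __name__ == "__main__":
    for sev, line in scan(SAMPLE_LOG):
        print(sev, line)
```

Matching on the exact domain or a dot-prefixed suffix keeps lookalike hosts such as the third and fourth sample lines from producing false positives.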
