Abstract

Thursday 6 October 14:00 - 14:30, Green room

Peter Kruse (CSIS)

Neverquest (a.k.a. Vawtrak/Snifula) is a complex banking trojan targeting a long list of financial institutions around the globe.

Neverquest is the offspring of Gozi, and as such it has ties to the "Hang Up Team". Gozi was one of the first banker trojans that was prevalent enough to get its own "working group" that, in cooperation with law enforcement, worked on its take-down.

Neverquest is a prevalent threat that continues to cause losses to financial institutions and that is being used as an instrument to steal valuable data from corporate networks. It has the largest target configuration file ever observed. The size of the file is approximately 2MB and it targets roughly 200 different online banking websites and an additional 150 online services. Lately, it has even begun targeting investment retirement services.

This presentation will focus on how Neverquest infects Microsoft Windows clients. Furthermore, it will provide an insight into the malware's binary code and its components.

The second part of the presentation will show parts of the C&C panel utilized by the criminals to send massive amounts of instructions to chosen clients in order to carry out hostile commands. We will, for example, look into how the VNC (virtual network control) is deployed to conduct fraudulent transactions.

Last but not least, we will document how Neverquest already controls victims with more than 1 billion dollars at their disposal. This fact could cause significant losses to corporate banking customers.

Videos