Spike of Napolar Malware Causes Information Theft, Security Companies Warn!

Reports by Security Companies ESET and Avast! confirm of a malicious threat that performs DOS (Denial Of Service) attacks and hooks itself in the computers browser/s in order to steal information from the infected computer.

Avast! have identified the threat as Win32/64:Napolar and confirm the threat as a Trojan Horse, whilst ESET have identified the threat simply as Win32/Napolar and states that the author of the malware prefers the name “Solarbot”.  ESET identify the malicious threat as a Bot. The malicious threat has been identified on both of the security companies databases!

The Solarbot/Napolar Trojan is promoted via the infected website, “solarbot.net” and looks to be spreading through Facebook.

“For the Win32/64:Napolar Trojan, the pipe used to inter-process communication is named\\.\pipe\napSolar. Together with the presence of character strings like “CHROME.DLL,” “OPERA.DLL,” “trusteer,” “data_inject,” and features we’ll mention later, we have almost no doubts that the Trojan and Solarbot coincide.

An initial binary comes in the form of an SFX archive named in a similar fashion as Photo_021-WWW.FACEBOOK.COM.exe that handles two events: A silent execution of the Trojan’s dropper and the display of a distracting image of girls” – Avast!

“Although we have not yet directly seen Win32/Napolar being distributed in the wild, it seems likely that this threat has been spread through Facebook. Since malware has the ability to steal Facebook credentials, its operator can reuse those credentials to send messages from compromised accounts and try to infect the victim’s friends. ” – ESET

The malware variant has apparently been observed since May by Avast! and August by ESET. Although not the newest of malicious threats, the Solarbot/Napolar Trojan has been hitting the radars of both security companies in recent weeks.

If you are worried about the Solarbot/Napolar Trojan, you are definitely protected by Avast! and ESET programs. If you believe you are already infected, scans with the two programs should identify the threat. Correctly uninstalling and reinstalling your browser/s is also a recommendation as the malware seems to hook onto the browser in order to collect and steal information.

ESET reports that the Bot functions similar to malware families such as Zeus or SpyEye, so researching these threats may be helpful for removal if the malware won’t budge! Beware – Searching on Google and other Search Engines for help on the removal of this malicious threat brings up a lot of unknown and dangerous websites as the top results, so sticking to known Security solutions is advised!

If you are still worried or want more information, check out Avast! and ESET’s blog articles at:

– Avast!: blog.avast.com/2013/09/25/win3264napolar-new-trojan-shines-on-the-cyber-crime-scene/

– ESET: www.welivesecurity.com/2013/09/25/win32napolar-a-new-bot-on-the-block/

Stay Safe!

About Danny Morton

Danny Morton is the founder and sole blogger, editor and representative of RYM. He has created the website to share his knowledge and experience in computer security, to report the biggest news and threats all in one place, and to help users protect themselves (and those around them) from infection and exploitation.

Posted on September 28, 2013, in Uncategorized and tagged , , , , , , , , , , , , , . Bookmark the permalink. Comments Off on Spike of Napolar Malware Causes Information Theft, Security Companies Warn!.

Comments are closed.

%d bloggers like this: