In 2011, the Noon malware was a Visual Basic script virus that got its name by creating pop-up message boxes at noon and midnight and then randomly launching a web browser to navigate to malicious websites. It has since evolved into a Trojan spyware that is distributed through spam emails and is programmed to bypass anti-virus software and install itself automatically without any manual intervention.
This malware is currently being distributed in malspam campaigns that use spam emails with product quote inquiries, shipping or delivery inquiries, fake invoice attachments, and product order requests. This Trojan spyware sends the data gathered from its victims via Hypertext Transfer Protocol (HTTP) POST to malicious websites of the malware author.
- Logs the user's keystrokes
- Steals computer data such as operating system version, operating system architecture, username, and the user’s security identifier (SID)
- Steals stored email credentials from different mail clients
- Steals stored information such as user names, passwords and hostnames from different browsers
- Information Theft
- Violation of user privacy - gathers user credentials and steals user information
Sample Spam – Shipping inquiry spam
Solution Map – What should customers do?
Make sure to always use the latest pattern available to detect the old and new variants of Noon malware.
- Please refer to the KB article on Recommendations on how to best protect your network using Trend Micro products.
- You may also check the article on Submitting suspicious or undetected virus for file analysis to Technical Support.
- For support assistance, please contact Trend Micro Technical Support.
- Threat Encyclopedia – TrojanSpy.Win32.NOON.TIOIBEDF