Banker Trojan Carberp Undergoes Rapid Development
According to security company Seculert, the Carberp banking Trojan, which is relatively new, having made its debut in autumn 2010, and which largely resembles the Zeus Trojan, has lately been revamped.
The company says that, unlike Carberp's initial variants, which were built with ordinary functions, the Trojan's later variants have many quite impressive characteristics. It now also runs on every Windows edition, including Windows 7, without needing administrator rights.
This, however, isn't really remarkable technically, because ordinary user rights are enough for Carberp to register itself as a Web-browser add-on. Consequently, the Trojan can read and alter Internet banking traffic, even when it is encrypted, by launching a "man-in-the-browser" attack.
Another feature seen in Carberp is that it's capable of sanitizing infected computers, while the latest version can encrypt all Web traffic between infected systems and the command-and-control server, in both directions, Seculert outlines.
Following an assessment of the Trojan, the company reveals that, interestingly, the RC4 key is randomly generated and transmitted in the HTTP query. Such behavior is totally new: Zeus and similar malicious programs merely use a single RC4 key that comes bundled with the malware, the company explains. Threatpost.com published this on January 21, 2011.
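For analysts, the difference between the two key models shows up when decoding captured traffic. The sketch below is an added example, not code from Seculert or from either malware family: it assumes the key travels as a hex string in a hypothetical query parameter `k`, and all URLs, keys and payloads are constructed.

```python
from urllib.parse import urlsplit, parse_qs

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4 (KSA then PRGA); the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def key_from_query(url: str, param: str = "k"):
    """Hex key carried in the query string; 'k' is a hypothetical parameter name."""
    values = parse_qs(urlsplit(url).query).get(param)
    try:
        return bytes.fromhex(values[0]) if values else None
    except ValueError:
        return None

def is_text(buf: bytes) -> bool:
    """Crude plaintext check: non-empty and printable ASCII only."""
    return bool(buf) and all(32 <= c < 127 for c in buf)

def classify(url: str, body: bytes, bundled_key: bytes):
    """Return (key model, plaintext) for one captured request."""
    key = key_from_query(url)
    if key and is_text(rc4(key, body)):
        return "per-request", rc4(key, body)
    if is_text(rc4(bundled_key, body)):
        return "bundled", rc4(bundled_key, body)
    return "undecoded", b""

# Constructed capture: not real Carberp or Zeus traffic.
BUNDLED = b"constructed-static-key"
REPORT = b"procs=explorer.exe;av=none"
K1, K2 = bytes.fromhex("0f1e2d3c4b5a6978"), bytes.fromhex("a1b2c3d4e5f60718")
CAPTURE = [
    ("http://c2.example/gate?k=" + K1.hex(), rc4(K1, REPORT)),
    ("http://c2.example/gate?k=" + K2.hex(), rc4(K2, REPORT)),
    ("http://c2.example/gate", rc4(BUNDLED, REPORT)),
]

if __name__ == "__main__":
    for url, body in CAPTURE:
        print(classify(url, body, BUNDLED)[0], body.hex()[:16])
```

The first two records carry the same report but produce different ciphertext, so byte-pattern signatures on the body do not carry over between requests, while the key in the query lets a sensor decode each one without extracting anything from the binary.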
Seculert adds that Carberp's latest variant, like the earlier variants, transmits information about the infected PC's active processes to the central command-and-control server, and that it now also checks which anti-virus is running on the PC.
Furthermore, Seculert's security researchers observe that all the Carberp features described above were incorporated into the Trojan over just a few months. This is yet another interesting aspect of Carberp.
Finally, according to the security company, Carberp is spreading primarily across Russia. However, many of the relatively more successful banking Trojans and information-stealing programs hit one particular nation first and then went on to spread to other nations. A similar development for Carberp should therefore come as no surprise, the company warns.
» SPAMfighter News - 01-02-2011