New Trojan Zberp, a Hybrid between Carberp and ZeuS
Security company Trusteer says its researchers have detected a new Trojan, which they have named Zberp, that combines the Carberp and ZeuS malware.
Earlier, in 2011, the source code of the ZeuS banking Trojan was exposed, and in June 2013 Carberp's source code could be bought on Russian crime websites.
Researchers were sure that opportunistic malware authors would soon combine the two to create a new threat. Trusteer researchers first detected Zberp some weeks ago, when cyber-criminals were observed using the Andromeda botnet to download the new hybrid malware.
Researchers say that Zberp is essentially a variant of ZeuS VM; however, it also behaves like the Carberp Trojan.
Cyber-criminals operating Zberp can collect basic details about the infected PC, such as its IP address and name, among others. They can also obtain screenshots, which the Trojan transmits back to them. Zberp further captures end-user SSL certificates, data entered into HTTP forms, and POP/FTP account credentials. Some optional features programmed into Zberp enable Web injections, man-in-the-browser/man-in-the-middle attacks, dynamic Web injections and RDP/VNC connections.
Zberp integrates a feature called "invisible persistence", which the ZeuS VM variant already employs. When a Windows computer boots, the malware deletes its persistence entry from the registry, so security software cannot spot it during the standard system scans that run after startup. The Trojan maintains persistence by writing the entry back into the registry when the computer shuts down.
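Because a scan of the registry after startup finds nothing, this behaviour has to be caught from registry change telemetry instead. The following is an added example, not code from Trusteer or the original article: it flags autorun values that are deleted shortly after a boot and written back shortly before a shutdown. The event format, the `Run` key location, the value names and the five-minute window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Assumption: the persistence entry is an autorun value under a "...\Run" key;
# the article does not name the registry location Zberp uses.
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
WINDOW = timedelta(minutes=5)  # assumed "close to boot/shutdown" window

# Constructed timeline: (time, event, registry key, value name)
EVENTS = [
    ("2014-06-02 08:00:00", "boot", "", ""),
    ("2014-06-02 08:00:20", "reg_delete", RUN, "sample_hidden"),  # vanishes at boot
    ("2014-06-02 10:30:00", "reg_set", RUN, "ChatClient"),        # normal install
    ("2014-06-02 14:00:00", "reg_delete", RUN, "OldTool"),        # normal uninstall
    ("2014-06-02 17:59:10", "reg_set", RUN, "Updater"),           # set late, never deleted
    ("2014-06-02 17:59:40", "reg_set", RUN, "sample_hidden"),     # restored at shutdown
    ("2014-06-02 18:00:00", "shutdown", "", ""),
]

def find_invisible_persistence(events, window=WINDOW):
    """Return autorun values deleted right after a boot AND set right before a shutdown."""
    rows = sorted((datetime.strptime(ts, FMT), kind, key, name)
                  for ts, kind, key, name in events)
    boots = [t for t, kind, _, _ in rows if kind == "boot"]
    shutdowns = [t for t, kind, _, _ in rows if kind == "shutdown"]
    gone_at_boot, back_at_shutdown = set(), set()
    for t, kind, key, name in rows:
        if not key.lower().endswith(r"\currentversion\run"):
            continue  # boot/shutdown markers and unrelated keys
        ident = (key, name)
        if kind == "reg_delete" and any(timedelta(0) <= t - b <= window for b in boots):
            gone_at_boot.add(ident)
        elif kind == "reg_set" and any(timedelta(0) <= s - t <= window for s in shutdowns):
            back_at_shutdown.add(ident)
    # Either half alone is common (updaters, uninstallers); the pair is the signal.
    return sorted(gone_at_boot & back_at_shutdown)

if __name__ == "__main__":
    for key, name in find_invisible_persistence(EVENTS):
        print(f"suspicious autorun toggling: {key}\\{name}")
```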
Zberp also masks its configuration as a graphic file using steganography, a technique malware developers employ to embed code in a file that appears genuine and so evades anti-malware software.
Trusteer states that Zberp has already infected customers of 450 banks or other financial institutions globally, especially in Australia, the UK and the USA.
Finally, the company's researchers said that a VirusTotal scan showed Zberp bypassing anti-virus programs in general at the time of its first detection.
» SPAMfighter News - 03-06-2014