[ISN] New banking Trojan ‘Zberp’ offers the worst of Zeus and Carberp

http://www.computerworld.com/s/article/9248567/New_banking_Trojan_Zberp_offers_the_worst_of_Zeus_and_Carberp By Lucian Constantin IDG News Service May 26, 2014 A new computer Trojan that targets users of 450 financial institutions from around the world appears to borrow functionality and features directly from the notorious Zeus and Carberp malware programs. The new threat, dubbed Zberp by security researchers from IBM subsidiary Trusteer, has a wide range of features. It can gather information about infected computers including their IP addresses and names; take screen shots and upload them to a remote server; steal FTP and POP3 credentials, SSL certificates and information inputted into Web forms; hijack browsing sessions and insert rogue content into opened websites, and initiate rogue remote desktop connections using the VNC and RDP protocols. The Trusteer researchers consider Zberp a variant of ZeusVM, a recent modification of the widely used Zeus Trojan program whose source code was leaked on underground forums in 2011. ZeusVM was discovered in February and stands out from other Zeus-based malware through its authors’ use of steganography to hide configuration data inside images. The Zberp authors use the same technique, which is meant to evade detection by anti-malware programs, to send configuration updates embedded in an image that depicts the Apple logo. However, the new threat also uses hooking techniques to control the browser that seem to have been borrowed from Carberp, another Trojan program designed for online banking fraud whose source was leaked last year. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail