TrustDefender reveals true threat of new Trojan Carberp– the new Zeus!

Written by Andreas Baumhof Friday, 08 October 2010 01:00

Leading online transaction security provider, TrustDefender has analysed the latest new transactional Trojan Carberp, (pronounced Car-ber-‘P’), which is already gaining momentum with cyber criminals in Europe and the US. Financial institutions and enterprises should be wary of Carberp as it is challenging the highly successful transactional Trojans; Zeus, Mebroot and Silentbanker to become a leading malware security threat.

TrustDefender Labs (the research and development division of TrustDefender) has discovered the potential impacts and risks of this new Trojan. While Zeus has been the leading class of malware for security attacks throughout the last 18 months, there are a number of new players entering the market with an extensive new feature-set and distribution network challenging existing Trojan detection software.

Online Security expert and CTO of TrustDefender, Andreas Baumhof comments; "This particular Trojan appears to be purpose built and has evolved in sophistication at a rapid rate. TrustDefender anticipates Carberp will further develop and could morph into a problematic threat from a financial, political and personal perspective. This demonstrates how quickly the bad guys are innovating new sophisticated threats."

Carberp was first seen in May 2010, however most recently TrustDefender experts have witnessed the increasing sophistication of the Trojan, which is evolving at a very fast rate. Carberp is a promising challenger to Zeus and potentially provides a new class of Trojan for cyber criminals to use.

Why should we be worried about Carberp?

• Ability to disable other Trojans so it does not interfere with its attack and more importantly does not send stolen information to the competition
• Ability to run as a non-administrator
• Ability to infect Windows XP, Windows Vista and Windows 7, which only few Trojans can do. The Browser Hooking also works for Firefox in various versions but still not yet Chrome.
• Sophisticated browser hooking/installation to fully control all internet traffic (including HTTPS with EV-SSL) and the entire internet session
• It will not make any changes to the registry (only in memory modifications)
• Stolen data is transmitted in real-time to a Trojan’s ‘Command and Control’ (C&C) Server
• Carberp also has a configuration file system where it can inject arbitrary HTML into any website
• Ability to inject dynamically HTML overlays into any banking session, similarly to Zeus, Gozi and Spyeye, with the aim to work around dynamic authentication schemes (such as 2fa authentication)

Andreas Baumhof continues "The evolution of Trojans such as Carberp highlights that the malware problem is here to stay and will only get worse with malware reaching out to new areas such as Windows 7, Apple Mac and mobile devices. This highlights the need for financial institutions and enterprises to provide appropriate security for their users so the end user’s device is fully protected. This obviously also applies for cloud based applications. While Trojans such as Zeus and Mebroot are successful and high profile; the ‘bad guys’ obviously wish to stay under the radar and with new malware and configuration files they are able to continue to infiltrate in new ways."

TrustDefender protects Orange CU members from fraudulent activity and cyber criminals

TrustDefender secures online banking for BCU