CARBERP – a New Browser Trojan to Worry About
By on January 24th, 2011

malwareHow would you feel about a computer infection that could lie to your bank about your online transactions? What would happen if details such as who you are paying and how much, could be changed without you knowing it?

That’s exactly what can happen with the current crop of transactional trojans.   This is called screen injection, HTML overlayor the man-in-the-browser attack.

This type of infection can spy on you while you are online at many banking sites. ATM PINs, social security numbers and answers to secret questions are the types of information that will be stolen.

Previously, we’ve written about the Zeus trojan, which is the current king of the transactional trojans. Zeus used some very unique command-and-controlinterfaces that actually fooled security experts into giving up information. The Zeus trojan was also used to infect hundreds of U.S. Government employees when they opened a fake Christmas Card email from the White House.

If that’s not scary enough, there are more trojans out there that are being bred to compete with Zeus. According to TrustDefender, a well known security provider, a trojan named Carberp has recently added a whole slew of new features. These new features are intended to make it just as useful to black hats as Zeus. Here are some of the features:

  • It can run on non-administrator accounts.
  • It can infect XP, Vista and Seven machines.
  • It doesn’t make changes to the Window registry.
  • It hooks into the web browser to control all internet traffic.
  • It’s able to transmit real-time data to it’s masters.

It also covers it’s identity by appending random data into itself to foil normal anti-virus detection. The fact that it can run in non-admin mode and doesn’t write to the registry also makes it harder to detect. To most security software, Carberp could appear to be a simple browser add-on or extension.

The older Zeus trojan hasn’t been improved recently, and it looks like there’s a battle brewing that will decide the next popular trojan. Carberp is in the running with two or three others, such as SpyEye and Gozi.

It’s a rat race, with security experts always trying to build a better trap for the fast rats that keep breeding even faster rats. The security field profits from this race and so do the hackers.

We are the big losers.


Tags: , , , , ,
Author: Clif Sipe Google Profile for Clif Sipe
Promoting Freeware and Free information since 2004. Owner of FreewareWiki.com with over 2000 pages of freebies. Please subscribe to my Google Feed or follow me on Twitter @clifnotes.

Clif Sipe has written and can be contacted at clif@techie-buzz.com.
  • 10pound

    It’s ridiculous that it has come to this but despite running daily updated A/V, paranoid schizophrenic level firewall rule sets, sandboxed browsers and then sandboxed browsers within virtual machines……at this point I have to do any online banking kind of stuff with a *nix live CD of some sort.

    • http://www.google.com/profiles/clif.notes Clif Sipe

      @10pound – the Linux Live CD is an excellent suggestion – another might be a Windows virtual machine or a dedicated PC that’s only used for banking.

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN