Computer viruses and Trojans originated from primordial forms of malware that have, over the years, evolved into more sophisticated structures in step with the changes made to anti-malware products. When two powerful Trojans join forces, however, the result is something different.
Specifically, it was recently discovered that malware writers have combined the age-old Zeus and Carberp Trojans into an enterprise crimeware called Zberp, after the source code of both was leaked.
When Zeus and Carberp were separate malware tools, the damage they caused, not least to financial institutions, was horrible. Now that they have joined forces, we can only expect worse.
In fact, malware authors have concocted many versions of the Zeus Trojan ever since its source code saw the light of day in 2010, resulting in a wave of attacks that continues to pester many victims to this day.
It was only last year that Carberp’s source code came out from a group of hackers based in Russia. According to reports, the source code was sold on the black market for up to $40,000.
Both Trojans are designed to avoid detection by anti-malware products, even the most advanced ones, in order to breach security systems, steal sensitive information, and download malicious data onto computers so that the machine can be controlled from a remote server.
The Zberp Trojan creates a registry key to maintain a persistent infection on a machine. The registry key disappears each time the computer reboots and is written back when the machine is shut down again. As a result, the Trojan operates without users being fully aware of it, and the technique is also an effective way of staying off the radar of scanning software.
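A defender can look for the registry behaviour described above by comparing autostart values captured at shutdown with those captured just after boot. The following is an added example, not code from the article or from Trusteer; it assumes snapshots in the text format written by `reg export`, and the key path, value names and sample data are constructed for illustration.

```python
import re

# Constructed snapshots in `reg export` text form. The key path and value
# names are assumptions for illustration, not indicators from the article.
KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
BASE = "[" + KEY + "]\n" + r'"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"' + "\n"
ODD = r'"updsvc"="C:\\Users\\a\\AppData\\Roaming\\updsvc.exe"' + "\n"
ONCE = r'"setup"="C:\\Temp\\setup.exe /resume"' + "\n"
SNAPSHOTS = [
    ("shutdown", BASE + ODD + ONCE),
    ("boot", BASE),
    ("shutdown", BASE + ODD),
    ("boot", BASE),
]

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Map (key path, value name) -> data for REG_SZ values in a .reg export."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = STRING_VALUE.match(line)
        if value and key:
            entries[(key, value.group(1))] = value.group(2)
    return entries

def vanishing_entries(snapshots, min_cycles=2):
    """Count values present at shutdown but missing at the next boot.

    snapshots is a time-ordered list of (phase, reg_text). A value that
    vanishes once may be a legitimate one-shot entry; recurrence across
    min_cycles shutdown/boot pairs is what gets reported.
    """
    counts = {}
    for (p1, t1), (p2, t2) in zip(snapshots, snapshots[1:]):
        if (p1, p2) != ("shutdown", "boot"):
            continue
        for ident in parse_reg(t1).keys() - parse_reg(t2).keys():
            counts[ident] = counts.get(ident, 0) + 1
    return {ident: n for ident, n in counts.items() if n >= min_cycles}

if __name__ == "__main__":
    for (key, name), n in vanishing_entries(SNAPSHOTS).items():
        print(f"{key}\\{name}: vanished after boot in {n} cycles")
```

A shutdown script may run before the key is written back, so reading the registry hive offline after power-off is the more reliable source for the shutdown-side snapshot.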
Zberp also collects IP addresses and takes screenshots of the computer to spy on your private online activity. According to Trusteer, which analyzed the Trojan, it also becomes easy for attackers to steal data transmitted through non-encrypted channels such as HTTP instead of HTTPS, as well as SSL certificates and FTP credentials.
From the Carberp Trojan, the source code provides the hooking method used to control a user’s browser, be it Chrome, Internet Explorer or Safari, and to track your keystrokes in order to steal data.
Zberp also runs its communications with the attacker over an SSL connection, which makes the hybrid Trojan more difficult to detect with regular anti-malware tools.