http://www.computerworld.com/s/article/9248567/New_banking_Trojan_Zberp_offers_the_worst_of_Zeus_and_Carberp
By Lucian Constantin
IDG News Service
May 26, 2014
A new computer Trojan that targets users of 450 financial institutions
from around the world appears to borrow functionality and features
directly from the notorious Zeus and Carberp malware programs.
The new threat, dubbed Zberp by security researchers from IBM subsidiary
Trusteer, has a wide range of features. It can gather information about
infected computers including their IP addresses and names; take screen
shots and upload them to a remote server; steal FTP and POP3 credentials,
SSL certificates and information inputted into Web forms; hijack browsing
sessions and insert rogue content into opened websites, and initiate rogue
remote desktop connections using the VNC and RDP protocols.
The Trusteer researchers consider Zberp a variant of ZeusVM, a recent
modification of the widely used Zeus Trojan program whose source code was
leaked on underground forums in 2011. ZeusVM was discovered in February
and stands out from other Zeus-based malware through its authors' use of
steganography to hide configuration data inside images.
The Zberp authors use the same technique, which is meant to evade
detection by anti-malware programs, to send configuration updates embedded
in an image that depicts the Apple logo. However, the new threat also uses
hooking techniques to control the browser that seem to have been borrowed
from Carberp, another Trojan program designed for online banking fraud
whose source was leaked last year.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
