By January 18, 2012 0 Comments

A Good Carberp Is Hard To Find – Context Information Security Leads Research

Context leads research efforts into next generation financial malware and Trojans

January 17th 2012 – Increasingly sophisticated financial malware such as the Carberp Trojan is becoming more and more difficult to detect and eliminate, warns researchers at Context Information Security. Designed to steal log-in and account information and harvest credentials for email and social-networking sites, Carberp, like its more well know predecessors Zeus and Spyeye, infects machines through malicious files such as PDFs and Excel documents or drive-by downloads.

In most cases Carberp will persist undetected by antivirus software on the infected machine using advanced stealth, anti-debugging and rootkit techniques and is controlled from a central administrator control panel that allows the attacker to mine the stolen data. Carberp is also part of a botnet that can take full control over infected hosts, while its complicated infection mechanisms and extensive functionality make it a prime candidate for more targeted attacks.

The malware uses multiple layers of obfuscation and encryption to remain hidden and prevent analysis. Once embedded and decrypted, the real infection begins with malicious file dropping and process injection steps that provide a backdoor to the host under attack.

“The advanced infection capabilities of Trojans such as Carberp require detailed knowledge of how they operate to detect and analysis attacks,” says Michael Jordon, research and development manager at Context. “While many banks are now using tools such as Rapport from Trusteer to mitigate the risk of financial malware by protecting web communication with customers and preventing the stealing of account credentials, we need to stay one step ahead or at least keep pace with the malware developers to reduce their impact.”

While there is a large body of knowledge around Zeus and Spyeye, the information security industry is still building up detailed picture of newer Trojans such as Carberp. Context researchers are at forefront of this work and have published a series of blogs to detail the workings of new generation financial malware and provide advice how it is possible to detect infection and mitigate the threats.

The latest blog focused on, ‘From Infection to Persistence’ can be seen at: http://www.contextis.com/research/blog/malware2/

About Context
Context Information Security is an independent security consultancy specialising in both technical security and information assurance services. Founded in 1998, the company’s client base has grown steadily based on the value of its product-agnostic, holistic approach and tailored services combined with the independence, integrity and technical skills of its consultants. The company’s client base now includes some of the most prestigious blue chip companies in the world, as well as government organisations. As best security experts need to bring a broad portfolio of skills to the job, Context staff offer extensive business experience as well as technical expertise to deliver effective and practical solutions, advice and support. Context reports always communicate findings and recommendations in plain terms at a business level as well as in the form of an in-depth technical report.
www.contextis.com

Issued by:
Context Information Security,
Tel: + 44 (0)20 7537 7515,
email: blogs[at]contextis[dot]com
www.contextis.com

For more information for editors, please contact:
Peter Rennison / Allie Andrews
PRPR, Tel + 44 (0)1442 245030 / 07831 208109
pr[at]prpr[dot]co.uk / allie[at]prpr[dot]co.uk

Distributed on behalf of PRPR by NeonDrum news distribution service (http://www.neondrum.com)

Carberp Trojan: Related Articles

Facebook users targeted by transformed Carberp Trojan
A new form of the Carberp Trojan, which tricks users into committing financial fraud via e-cash vouchers, is now targeting Facebook users, according to researchers at Trusteer. The malware is used in a man-in-the-browser (MitB) attack, which exploits …
searchsecurity.techtarget.com

Context warns of sophisticated new Trojans
Security consultancy, Context Information Security, has issued a warning regarding the sophisticated structure of financial malware, such as the Carberp Trojan, which is both difficult to detect and eliminate. Carberp targets log-in and account …
www.arnnet.com.au

Trojaans paard gijzelt Facebook-pagina
Het gaat om een variant van de Carberp Trojan. Deze malware is speciaal ontwikkeld voor het plunderen van online bankrekeningen, onder andere van klanten van de Rabobank, ABN Amro en ING bank. Carberp vervangt elke Facebook-pagina die de gebruiker van …
www.security.nl

Posted in: Innovations
Melody Wigdahl

About the Author:

Melody Wigdahl is a 25 year veteran of the payments industry, and has been an international ECommerce specialist since 1993. For the last decade, her primary focus as been the area of alternative payments and real time bank payments.

Melody has been with UseMyServices since 2003, and enjoys the challenges of being involved with cutting edge technology on a daily basis.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

8,981 Spam Comments Blocked so far by Spam Free Wordpress

HTML tags are not allowed.

100% Commissions • 100% Bonuses • Instant Reseller Program That COMPLEMENTS Your Current Program!