New banking Trojan 'Zberp' offers the worst of Zeus and Carberp

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9248567/New_banking_Trojan_Zberp_offers_the_worst_of_Zeus_and_Carberp

By Lucian Constantin
IDG News Service
May 26, 2014

A new computer Trojan that targets users of 450 financial institutions 
from around the world appears to borrow functionality and features 
directly from the notorious Zeus and Carberp malware programs.

The new threat, dubbed Zberp by security researchers from IBM subsidiary 
Trusteer, has a wide range of features. It can gather information about 
infected computers including their IP addresses and names; take screen 
shots and upload them to a remote server; steal FTP and POP3 credentials, 
SSL certificates and information inputted into Web forms; hijack browsing 
sessions and insert rogue content into opened websites, and initiate rogue 
remote desktop connections using the VNC and RDP protocols.

The Trusteer researchers consider Zberp a variant of ZeusVM, a recent 
modification of the widely used Zeus Trojan program whose source code was 
leaked on underground forums in 2011. ZeusVM was discovered in February 
and stands out from other Zeus-based malware through its authors' use of 
steganography to hide configuration data inside images.

The Zberp authors use the same technique, which is meant to evade 
detection by anti-malware programs, to send configuration updates embedded 
in an image that depicts the Apple logo. However, the new threat also uses 
hooking techniques to control the browser that seem to have been borrowed 
from Carberp, another Trojan program designed for online banking fraud 
whose source was leaked last year.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/