31 Jan 2011

Carberp continues to evolve

The Carberp Trojan has evolved since it was discovered last October.

Alongside SpyEye, Carberp is considered the next big banking threat. Earlier versions of the malware were quite simple, but it has since become more sophisticated. The second generation contained features for managing a web-based command-and-control botnet.

The malware has gone through three versions. The current version interferes with computer security software and disables antivirus software. The banking malware remains hidden on victims' PCs and is able to remove antivirus scanners and other malware from the host.

The cyber criminals who use Carberp have added security software detection to get the greatest return on their investment in the malware kit.

"Cyber criminals for quite some time have paid for 'antivirus test' services," said Aviv Raff, the chief technology officer at an Israeli security start-up. "So they collect the antivirus information from the infected machines in order to check whether the tests they paid for actually work, and that they indeed evade the [software] successfully."

Carberp steals a range of data and disguises itself as a legitimate Windows file. The malware runs on any Windows version without needing administrator privileges and is used by several different cybercrime groups.