Zeus-Carberp mashup Trojan targets banks
29 May 2014 | 5583 views | 0
A new Trojan that combines elements of the notorious Zeus and Carberp families is targeting hundreds of financial institutions around the world, security researchers are warning.
Trusteer says that the Trojan, which they have dubbed Zberp, seems to have been assembled from the leaked source code of Zeus and Carberp.
The result of the mashup enables cyber-crooks to grab basic information about the infected computer, including the name, IP and more. It can take screen shots and send them to the attacker. It steals data submitted in HTTP forms, user SSL certificates and even FTP and POP account credentials.
The malware also uses evasion techniques that it inherited from both Zeus and Carberp to hide from anti-virus and anti-malware tools.
According to Trusteer, Zberp has been targeting more than 450 financial institutions around the world, mainly in the US, UK and Australia.
Say researchers Martin Korman and Tal Darsan: "Since the source code of the Carberp Trojan was leaked to the public, we had a theory that it won't take cyber criminals too long to combine the Carberp source code with the Zeus code and create an evil monster."