A good Carberp is hard to find - Context Information Security lead reseach into next generation financial malware and trojans

Financial malware threat is growing says Context researchers

(PresseBox) ( London, )
Increasingly sophisticated financial malware such as the Carberp Trojan is becoming more and more difficult to detect and eliminate, warns researchers at Context Information Security. Designed to steal log-in and account information and harvest credentials for email and social-networking sites, Carberp, like its more well know predecessors Zeus and Spyeye, infects machines through malicious files such as PDFs and Excel documents or drive-by downloads.

In most cases Carberp will persist undetected by antivirus software on the infected machine using advanced stealth, anti-debugging and rootkit techniques and is controlled from a central administrator control panel that allows the attacker to mine the stolen data. Carberp is also part of a botnet that can take full control over infected hosts, while its complicated infection mechanisms and extensive functionality make it a prime candidate for more targeted attacks.

The malware uses multiple layers of obfuscation and encryption to remain hidden and prevent analysis. Once embedded and decrypted, the real infection begins with malicious file dropping and process injection steps that provide a backdoor to the host under attack.

"The advanced infection capabilities of Trojans such as Carberp require detailed knowledge of how they operate to detect and analysis attacks," says Michael Jordon, research and development manager at Context. "While many banks are now using tools such as Rapport from Trusteer to mitigate the risk of financial malware by protecting web communication with customers and preventing the stealing of account credentials, we need to stay one step ahead or at least keep pace with the malware developers to reduce their impact."

While there is a large body of knowledge around Zeus and Spyeye, the information security industry is still building up detailed picture of newer Trojans such as Carberp. Context researchers are at forefront of this work and have published a series of blogs to detail the workings of new generation financial malware and provide advice how it is possible to detect infection and mitigate the threats.

The latest blog focused on, 'From Infection to Persistence' can be seen at: http://www.contextis.com/research/blog/malware2/
Für die oben stehenden Pressemitteilungen, das angezeigte Event bzw. das Stellenangebot sowie für das angezeigte Bild- und Tonmaterial ist allein der jeweils angegebene Herausgeber (siehe Firmeninfo bei Klick auf Bild/Meldungstitel oder Firmeninfo rechte Spalte) verantwortlich. Dieser ist in der Regel auch Urheber der Pressetexte sowie der angehängten Bild-, Ton- und Informationsmaterialien.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an service@pressebox.de.