New banking Trojan infected about 450 institutions
A new computer Trojan that has already infected more than 450 financial institutions worldwide borrows functionality and capabilities from the high-profile Trojans Zeus and Carberp. The new threat has been informally named Zberp, according to the company Trusteer. According to its experts, the malware supports a wide range of functionality: it can collect the IP addresses and names of victims, take screenshots and send them to a remote server, and steal FTP and POP3 accounts, SSL certificates, and information entered into web forms. In addition, its advanced functionality can intercept browser sessions and inject fake content into websites.

Trusteer says Zberp is a variant of the ZeusVM Trojan, the latest known modification of the Zeus banking malware. ZeusVM was discovered in February of this year, while the entire family is based on the Zeus source code dating back to 2011. ZeusVM's distinguishing feature was its use of steganography (embedding into image files), and it spread this way. Zberp uses the same concept, which is aimed at deceiving anti-malware programs. Corman Martin, a specialist at Trusteer, says that today a significant portion of Zberp bypasses antivirus software. He also said that the malware uses an original technique to hide from antivirus detection: it removes some of its startup entries from the Windows registry while it is running and restores them when the computer is shut down or restarted.