Under the hood of Carberp: Malware & configuration analysis

{{Publication
 * Titre=
 * Image=
 * Legend=
 * Document=
 * Video=
 * Link= http://www.trusteer.com/sites/default/files/Carberp_Analysis.pdf www.trusteer.com
 * Author=,
 * NomRevue= Trusteer Fraud Prevention Center
 * Date=
 * Editor=Trusteer
 * Year=2010
 * Page=
 * Abstract=The following document constitutes an analysis of Carberp, a new variant of financial malware targeting numerous banks around the world. The analysis provides a detailed description of malware operation, communication and installation on the infected machine. It also contains thorough analysis of Carberp configuration, including targeted banks and attack methods.

Introduction
Carberp is a new financial malware, which has the ability to intercept user communication through the browser. It controls all Internet communication and is able to manipulate content presented to the user. This ability is used for two attack methods:
 * 1) General attack, used for stealing user’s login credentials to virtually every site which requires SSL authentication, including online banking, mail accounts etc.
 * 2) Targeted attack method, which introduces sophisticated HTML injections which target particular banks’ sites, based on the malware configuration.
Trusteer’s malware analysis team has extracted the Carberp configuration data. The malware binary and configuration have been examined in Trusteer labs and key findings of the research are presented herein.
 * Botnet=Carberp,
 * Malware=Carberp (bot),
}}