Evolution of Win32Carberp: going deeper
Evolution of Win32Carberp: going deeper | |
---|---|
Botnet | Carberp |
Malware | Carberp (bot), Rovnix, Hotdrop, DRPdoor, Sheldor |
Date | 2011 / 5th December 2011 |
Editor/Conference | ESET |
Link | http://blog.eset.com/2011/11/21/evolution-of-win32carberp-going-deeper |
Author | David Harley, Dmitry Volkov, Eugene Rodionov, Aleksandr Matrosov |
Abstract
“This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family. This trojan is notorious as one of the most widely spread malicious programs in Russia, stealing money from remote banking systems and primarily targeting companies which perform a huge number of financial transactions a day. We already shed some light on this malware in our CARO 2011 presentation “Cybercrime in Russia: Trends and issues”. The cybercrime group behind this Trojan is very active in the territory of Russia and the former Soviet republics. We spotted the first cases related to the Carberp trojan around the end of 2010 and in the middle of the summer of 2011 we can see from the following graph that there was a big spike in the number of detections, a pattern which has been repeated at the beginning of the fall.”
Bibtex
@misc{2011BFR871, editor = {ESET}, author = {David Harley, Dmitry Volkov, Eugene Rodionov, Aleksandr Matrosov}, title = {Evolution of Win32Carberp: going deeper}, date = {05}, month = Dec, year = {2011}, howpublished = {\url{http://blog.eset.com/2011/11/21/evolution-of-win32carberp-going-deeper}}, }