Revision as of 16:22, 7 February 2015
Under the hood of Carberp: Malware & configuration analysis | |
---|---|
Botnet | Carberp |
Malware | Carberp (bot) |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2010 / |
Editor/Conference | Trusteer |
Link | http://www.trusteer.com/sites/default/files/Carberp_Analysis.pdf (www.trusteer.com, archive copy) |
Author | |
Type |
Abstract
The following document constitutes an analysis of Carberp, a new variant of financial malware targeting numerous banks around the world. The analysis provides a detailed description of malware operation, communication and installation on the infected machine. It also contains thorough analysis of Carberp configuration, including targeted banks and attack methods.
Introduction
Carberp is a new financial malware, which has the ability to intercept user communication through the browser. It controls all Internet communication and is able to manipulate content presented to the user. This ability is used for two attack methods:
- General attack, used for stealing user’s login credentials to virtually every site which requires SSL authentication, including online banking, mail accounts etc.
- Targeted attack method, which introduces sophisticated HTML injections which target particular banks’ sites, based on the malware configuration.
Trusteer’s malware analysis team has extracted the Carberp configuration data. The malware binary and configuration have been examined in Trusteer labs and key findings of the research are presented herein.
Bibtex
@misc{2010BFR819,
  editor = {Trusteer},
  author = {},
  title = {Under the hood of Carberp: Malware & configuration analysis},
  date = {18},
  month = May,
  year = {2010},
  howpublished = {\url{http://www.trusteer.com/sites/default/files/Carberp_Analysis.pdf}},
}