Carberp-based trojan attacking SAP

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Carberp-based trojan attacking SAP
Botnet Carberp, Gamker
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2013 / 2013-11-20
Editor/Conference Microsoft Malware Protection Centre
Link http://blogs.technet.com/b/mmpc/archive/2013/11/20/carberp-based-trojan-attacking-sap.aspx (Archive copy)
Author Geoff McDonald
Type Blogpost

Abstract

ecently there has been quite a bit of buzz about an information-stealing trojan that was found to be targeting the logon client for SAP. We detect this trojan as TrojanSpy:Win32/Gamker.A.

SAP is a global company with headquarters in Germany and operations in 130 countries worldwide. SAP develops enterprise software applications for tracking and managing business operations, and is used by an estimated 86% of Forbes 500 companies. These business operations can range from applications such as tracking the manufacture of a product in a factory, managing human resources processes, or tracking and managing customer sales. Needless to say, the data contained in SAP systems is often sensitive and the security surrounding SAP systems is a recurring topic in the information security field.

A few weeks ago, another vendor reported a trojan in the wild specifically including functionality targeting SAP. This is believed to be the first malware developed by criminals targeting SAP.

In this blog we will present our analysis on how this trojan targets SAP and how it has code in common with Win32/Carberp.

Bibtex

 @misc{McDonald2013BFR4714,
   editor = {Microsoft Malware Protection Centre},
   author = {Geoff McDonald},
   title = {Carberp-based trojan attacking SAP},
   date = {20},
   month = Nov,
   year = {2013},
   howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2013/11/20/carberp-based-trojan-attacking-sap.aspx}},
 }