About Us | Contact Us
View Cart

New Hybrid Trojan ‘Zberp’ Child of Zeus and Carberp

By Vigilize | Wednesday, May 28, 2014 - One Comment

The worst of Zeus and Carberp has been combined into a hybrid banking Trojan known as ‘Zberp.’

A hybrid Trojan monster dubbed ‘Zberp’ is setting its sights on 450 financial institutions world wide.

The new virus has features from both its parents, combining to create a threat to be reckoned with. Features include the ability to “gather information about infected computers including their IP addresses and names; take screen shots and upload them to a remote server; steal FTP and POP3 credentials, SSL certificates and information inputted into Web forms; hijack browsing sessions and insert rogue content into opened websites, and initiate rogue remote desktop connections using the VNC and RDP protocols.”

Just like Zeus, Zberp evades anti-malware scanner detection through embedded configuration updates within an image of the Apple logo. From Carberp, the new Trojan inherited the ability hooking techniques used to control browsers.

Trusteer researchers Martin Korman and Tal Darsan commented on their blog, “Since the source code of the Carberp Trojan was leaked to the public, we had a theory that it won’t take cybercriminals too long to combine the Carberp source code with the Zeus code and create an evil monster.”


Original article by Lucian Constantin.
Read the full story here.

One Response to “New Hybrid Trojan ‘Zberp’ Child of Zeus and Carberp”

Comment from .
Time 05/29/2014 at 8:30 am

Isn’t the malware research community at large considering this a new version of KINS rather than an altogether new Trojan?

“In the article, they stated that, recently, Trusteer researchers had discovered a new malware sample whose behaviour resembled those of Zeus and Carberb. As this sounded quite strange, we reviewed all the info available and, for us, there is no evidence to support that we are facing a new banking trojan but just a variant of the Kins trojan sight by S21sec a while ago.”; http://securityblog.s21sec.com/2014/05/new-trojans-on-horizon.html

“’In my opinion the code that Trusteer calls and new malware and even dubs with a new name is nothing but a slight modification of KiNS/ZeuSVM. As parts of this code is already available to anyone who would go looking for it, giving a new name for each modification would end up in a naming nightmare,’ said Peter Kruse of CSIS in Denmark.”; http://threatpost.com/zeus-carberp-hybrid-trojan-pops-up/106283

Leave a comment

(required)

(required) [will not be published]

Solve this Captcha * Time limit is exhausted. Please reload CAPTCHA.

Latest News