Carberp Trojan

While the world seems busy deliberating how Zeus targets financial institutions and banks to steal customers' usernames and passwords from their computers, a host of newer financial trojans and malware variants is developing, which are equally potent and capable of causing similar damage.

In an earlier post, we already talked about Bugat. Now it is the turn of Carberp. Carberp is a trojan that mostly targets banks and finance-related sites. It has been found to be an “evolved” version and is reported to show some advanced features that make its detection still more difficult. These features include…

  1. Ability to run as non-administrator
  2. Ability to infect Windows XP, Windows Vista and Windows 7
  3. Will not make any changes to the registry (only in-memory modifications)
  4. Sophisticated browser hooking to fully control all internet traffic (including HTTPS with EV-SSL)
  5. Stolen data is transmitted in real time to the C&C server

One of the first things the Carberp Virus tries to do is disable the functionality of the antivirus and security applications installed on your system. The Carberp Virus can also steal passwords from many applications and services running on your system. These applications include…

  • WinVNC3
  • Remote Desktop Connections
  • PC Remote Control
  • Freecall
  • Camfrog
  • ASP.NET Account
  • Cached Passwords
  • Cisco Systems VPN Clients
  • Windows Passwords
  • ICQ
  • MSN
  • AIM
  • GAIM
  • QIP
  • Odigo
  • GTalk
  • PSI
  • MySpace
  • Live Messenger
  • PalTalk
  • Excite
  • Gizmo
  • Pidgin
  • Pandion
  • QIPOnline
  • JAJC
  • Digsby
  • Astra
  • Opera
  • Safari
  • Firefox
  • Chrome
  • Gmail
  • RimArts
  • The Bat!
  • Eudora
  • Total Commander
  • WS_FTP
  • CuteFTP
  • FileZilla
  • Bullet Proof FTP
  • SmartFTP
  • CoffeecupFTP
  • FTP Explorer
  • Frigate3FTP

It is scary to note the comments of leading security agencies about Carberp Virus and its potency.

“Carberp is different. It is very, very sophisticated and I expect the infection rates to be the same as Zeus,” said Andreas Baumhof, co-founder and chief technology officer of secure banking authentication firm TrustDefender. He said the Trojan is as yet unknown to the big antivirus companies.