A new computer Trojan has recently hit the world of online banking. Its features are drawn from the infamous malware programs Zeus and Carberp.
The Trojan has a wide range of features that let its authors collect information about infected computers, such as their IP addresses and names, take screenshots and upload them to a remote server, and steal SSL certificates, FTP and POP3 credentials, and information entered into web forms. It can also hijack browsing sessions, insert rogue content into opened websites, and start rogue remote desktop connections using the VNC and RDP protocols.
The threat has been named Zberp by security researchers from IBM subsidiary Trusteer and is considered a variant of ZeusVM, which is itself a modification of the Zeus Trojan program, whose source code was leaked on underground forums in 2011.
Discovered in February, Zberp differs from other Zeus-based malware in that its authors can hide configuration data inside images. They can use the technique to evade detection by anti-malware programs and to send configuration updates embedded in an image of the Apple logo. Zberp can also use a hooking technique to control the browser, which seems to have been borrowed from Carberp, another Trojan designed for online banking fraud.
Martin Korman and Tal Darsan, both Trusteer researchers, said in their blog post, “The source code of the Carberp Trojan was leaked to the public and now cybercriminals won’t take too long to combine this code with Zeus code to create something dangerous.” They added, “Only a week ago we found samples of ‘Andromeda’ botnet that were downloading the hybrid beast.”
According to the researchers, Zberp uses some of ZeusVM's techniques to hide its presence and escape detection. “Virus-Total scan claimed that the Zberp Trojan was able to evade most anti-virus solutions when it was first detected,” said one of the Trusteer researchers.