Softpedia
 


March 28th, 2012, 13:33 GMT · By

Carberp "Bankbot" Released One Day After Cybercriminals Were Arrested

Traffbiz.ru affiliate program
On March 20, Russian authorities revealed that a cybercriminal group which relied on the infamous Carberp Trojan to commit bank fraud had been dismantled after its members were arrested. However, security experts warn that the takedown of a single group does not mean the end of Carberp.

Kaspersky experts discovered that one day after the announcement was made, a Carberp multifunctional bankbot was put up for sale by the malware’s developers on an underground forum.

It turns out that one of the affiliate programs most involved in the distribution of the Trojan is traffbiz.ru. This website is advertised as being an intermediary between webmasters and traffic buyers, but according to specialists from the security firm, its services are mainly used by cybercrooks who want to distribute malware.

Furthermore, a new Carberp distribution was spotted infecting radio-moswar.ru, a site dedicated to the online MosWar game.

Researchers determined that one of the website’s pages was altered to host a malicious script which, after multiple redirects to free domains, lands the victim on the traffbiz site. Here, another script triggers two other redirects.

One of the links points to a Java and PDF exploit that downloads Trojan-Spy.Win32.Carberp.epm. Once it infects a computer, the Trojan connects to an operational command and control server from which it receives configuration files that tell it what to steal.

“During the attack, Carberp intercepts the content of Citibank and Raiffeisen Bank webpages on the computer, as well as pages that use software created by BSS, a company which develops and deploys automated remote banking systems,” Vyacheslav Zakorzhevsky, Kaspersky Lab Expert, wrote.

The other link points to the BlackHole Exploit Kit which downloads not only Carberp, but also another information-stealing Trojan that targets FTP passwords and other sensitive data.

“In short, those responsible for developing Carberp remain at large and the cybercriminal gangs using the Trojan remain active. In other words, victory is a long way off,” Zakorzhevsky concluded.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.