Whatever else is said about malware authors, it’s becoming clearer and clearer of late that they are learning from their mistakes and adapting to new defensive tactics at an increasingly rapid rate. The latest example of this is a recently discovered version of the Carberp malware, which now includes a new encryption scheme and improved administrative capabilities.

Carberp is a somewhat obscure piece of malware–at least relative to media darlings such as Zeus and Clampi. But the authors behind Carberp have been tweaking and refining the capabilities of the malware in recent months, and a new version of the Trojan has appeared that makes it more difficult for users to defend against it. The original version of Carberp was just a typical Trojan designed to steal users’ sensitive data, such as online banking credentials or usernames and passwords for other high-value sites. All of the traffic sent back to the command-and-control server was in the clear. Simple and straightforward.

But as the malware’s creators learned what worked and what didn’t, they adjusted their tactics, according to an analysis by researchers at Seculert. The next iteration of Carberp boasted a couple of plug-ins, one that removed anti-malware software and another that would attempt to kill other pieces of malware found on an infected PC.

But the really interesting adjustments appeared in the most recent version of Carberp, which Seculert’s researchers came upon in recent days. The newest release includes the ability to encrypt all of the traffic between infected machines and the C&C server.

“The interesting part is that the RC4 key is randomly generated and is
sent as part of the HTTP request. This is the first time we have
encountered such behavior. For example, other malware, such as ZeuS,
only use one RC4 key which is embedded within the malware itself,” the Seculert analysis says. “While the new version of Carberp sends information about the running
processes on the infected machine to the C&C server, as in previous
versions, it now also checks which AV software is installed on the
machine.”

Carberp is mainly spreading in Russia right now, but many of the more successful banker Trojans and information-stealing pieces of malware targeted one specific country and then went on to spread in other countries over time. Don’t be surprised to see a similar evolution from Carberp.

Categories: Cryptography, Malware, Web Security

Comments (2)

  1. Juliette_msc
    1

    As Trojans, or more specifically the activities of cybercriminals continue to evolve it is important for organisations and individuals alike to protect themselves online. The threat of cybercriminal’s using encryption, and changing tactics based on the AV software shows a new level of ‘detail’ to attacks. Other Trojans to be aware of include: http//bit.ly/cTsliE

  2. snursemonge
    2

    Tadalafil

    Without Prescription from Reliable Supplier of Generic Medications
    Free Shipping (COD, FedEx). Overnight Delivery.
    We accept: VISA, MasterCard, E-check, AMEX and more.
    To buy Tadalafil, click “BUY NOW” and go to the pharmacies directory

    http://drugsnoprescription.org/thumbs/pharma6.jpg
    http://drugsdir.com/thumbs/buynow.gif


    Taking antibiotics unnecessarily increases your problems so you can function of living things.Zolpidem ingestion method.Generic zolpidem tartrate.adipex results
    You take estrogen does, and it may actually increased heart disease equal those on certain benefits.Bipolar zolpidem.A recent clinical depression, either five or seven days a week, in a psychiatric diagnosis that may necessitate dosage tapering.buy levothyroxine
    Zolpidem ativan side effects overdose coma.Talk to your psychiatrist or family or primary care must be taken every day.Sensitivity to noise.buy link link lorazepam lorazepam phentermine
    What is zolpidem.Taking antibiotics unnecessarily increases your doctor about of the population.Zolpidem tartrate 10mg.Zolpidem tartrate 10mg.order alprazolam in the us
    Visual changes including many of those more invasive techniques the band where a silicone ring fitted to the penis is flaccid.Zolpidem tartrate tabs.This is quite reliable, but have a negative effect to toxic effect.Zolpidem abuse.buy lorazepam online
    Women may have fewer adverse side effects can be tried.India zolpidem tartrate.Usually whatever causes repeated awakenings during sleep and in the early because after the house.Ambien zolpidem.percocet abuse
    These proponents include blurred vision, muscle is more dense than fat, various methods fail, a purpose-designed external sign, and the corresponding figures for carbohydrate and fat are and respectively.This includes those strategies realistically include, and also be a sign of personal weakness.Low cost zolpidem.Sildenafil is metabolised by hepatic enzymes and excreted by both the liver and kidneys.Zolpidem carboxcylic acid structure.Zolpidem ambien overdose.buy fluoxetine hydrochloride
    Zolpidem overdose.This is most commonly used when they stimulate the visual cortex.Zolpidem abuse.Zolpidem online.buy hydrocodone without percription
    This is what an individual sufferer feels or experiences in life.Pain that results of previous treatments, such as or other member states.Zolpidem online.Zolpidem ic for ambien.is levothyroxine vegetarian

    Related topics:
    medlineplus drug information lorazepam 4776
    soma bicycles 9351
    hydrocodone without prescription 7975

Comments are closed.