Sunday, 7 April 2013

TrustDefender Demonstrates Sophisticated HTML and JavaScript Injection of Carberp

(PRWEB) December 10, 2010

After revealing the true threat of new Trojan Carberp, TrustDefender Labs has released an in-depth analysis into how the malware infiltrates websites and the details of its operation. Carberp hit the scene with a big bang last month targeting financial institutions with transactional two factor authentication schemes. The new Labs report reveals how cyber criminals have developed sophisticated configuration files and JavaScript methods, which Carberp is using with remarkable skill to target banking websites.

TrustDefender Labs most recent analysis of the Carberp variant exposes the complex configuration systems used, shows how the website mechanism works and highlights the impressive JavaScript injection code used by cyber criminals.

Andreas Baumhof, CTO of TrustDefender comments, Todays Trojans are evolving to become more than just an enabler to get sophisticated HTML into the currently viewed website. In this way Carberp follows the same principle as all other transactional Trojans such as Zeus, Gozi, Spyeye and Silon. What makes Carberp so effective is the threat does not come from the malware itself. The real threat comes from the configuration file and the related resources such as the highly modular and sophisticated JavaScript inclusions.

The fraudsters behind Carberp spend considerable time not just on the configuration file, but also making sure they have a flexible and dynamic method in place to compromise even elaborate two factor authentication schemes. Their aim goes beyond just information stealing where the stolen data is sent to a different location. The bad guys employ a forceful method to send and receive information to bypass even dynamic password schemes. Dynamically generated JavaScript will ensure that Carberp is customised for the targeted financial institution and operation (e.g. wire transfer).

What are the sophisticated Javacript characteristics being used by Carberp?


TrustDefender Demonstrates Sophisticated HTML and JavaScript Injection of Carberp
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)