Security consultancy Context Information Security has issued a warning about the sophisticated structure of financial malware such as the Carberp Trojan, which is difficult both to detect and to eliminate.
Carberp targets log-in and account information, and harvests credentials for both email and social networking sites.
Like its predecessors Zeus and SpyEye, Carberp operates through drive-by downloads and malicious files.
Once in place, it is controlled via a central administration control panel that allows the attacker to mine stolen data, drop further malicious files and open a backdoor on the host.
As part of a botnet, it has the ability to take complete control over infected hosts, while using its complex mechanics and functionality for other targeted attacks.
Carberp remains undetected by antivirus software thanks to its advanced stealth, anti-debugging and rootkit techniques, which are built on multiple layers of obfuscation and encryption.
Context research and development manager, Michael Jordon, said, “We need to stay one step ahead or at least keep pace with the malware developers to reduce their impact.”
Although there is a large body of knowledge around Zeus and SpyEye, newer Trojans such as Carberp require further investigation.
Context researchers have published a series of blog posts that detail the process of their analyses.