IDG News Service - A piece of banking malware that researchers have been keeping an eye on is adding more sophisticated capabilities to stay hidden on victims' PCs, according to the vendor Seculert.
Carberp, which targets computers running Microsoft's Windows operating system, was discovered last October by several security companies and noted for its ability to steal a range of data as well as disguise itself as legitimate Windows files and remove antivirus software. It has been billed as a rival to Zeus, another well-known piece of malware.
Carberp communicates with a command-and-controller (C&C) server using encrypted HTTP Web traffic. Previous versions of Carberp encrypted that traffic using RC4 encryption but always used the same encryption key.
Using the same key meant it was easier for intrusion protection systems to analyze traffic and pick out possible communication between the infected Carberp computers and the C&C servers, said Aviv Raff, CTO and co-founder of Seculert. Seculert runs a cloud-based service that alerts its customers to new malware, exploits and other cyberthreats.
A new version of Carberp is mixing it up, using a randomly different key when it makes an HTTP request, said Raff. When it uses the same key, there are some static patterns that can be detected. Even Zeus, which is begrudgingly respected for its high-quality engineering, uses the same key that is embedded in the malware.
"Most network-based security solutions are using traffic signatures to detect bots trying to connect to the C&C," Raff said. "This new feature is used to evade this type of detection and make it hard and almost impossible to create such signatures."
Seculert has posted more information about Carberp on its Web site.
Carberp has also expanded the scope of the victims it seeks to infect. The latest version is targeted users in Russian-speaking markets, Raff said. Previous versions targeted banks in the Netherlands and the U.S., he said.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!