The source code for Carberp – one of the most expensive and robust pieces of online banking malware created – is currently circulating online. Carberp is reputedly able to infect a hard drive's master boot record (MBR), allowing it to evade detection by anti-virus software. Initial analysis suggests that the nearly 2 GB of source code does indeed contain an MBR module.
Full Article
Banking malware Carberp - was $50,000, now free
Userlevel 5
Userlevel 5
Good read, but troubling to say the least. To sell this code on the black market is despicable to say the least!!!!! Hopefully the antivirus companies can counter act this malicious code.
Userlevel 7
MBR infections are normally easy to spot and most PC`s infected will display some odd behaviour to give away the fact that they are infected. As for the Trojan itself it uses a Java exploit (suprise suprise) and will disable certain AV`s, although I havent tested it I dont think WSA is on its list of AV`s to disable.
Userlevel 5
Based on the fact it uses a java exploit, would that mean if you don't have java installed on your PC, your OK???
Userlevel 7
I havent tested it yet but its a Java script exploit from what I can tell. Something like Noscript plugin in FF/Chrome would be useful in that type of situation. If I find a sample I`ll test it in a VM and report back.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.