We have talked in the last blog post about how SpyEye trojan evolved during the time, illustrating some of its technical features and the encryption algorithm used by the trojan to decrypt the configuration file. Yesterday we have uploaded a new technical video that shows how to unpack this new variant of SpyEye in just few minutes with the help of a free debugger.
While SpyEye goes ahead and quickly becomes yet more widespread after the SpyEye-ZeuS joint-venture, we should focus on another threat which is silently raising its status in the ranking of the infostealing trojan family.
Carberp quietly appeared in Q3/Q4 2010 (even if some traces of its code could be found in the months before) and immediately showed great potential. It appears that the team behind this trojan has been very active as of late.
This trojan shows great potential and a modular architecture used to easily and quickly expand its features. All plugins downloaded from the C&C are encrypted with a custom encryption algorithm to evade from classic antivirus scanners. Its features include a module able to disable a list of antivirus software and an antivirus-like module that cleans the infected PC from other infostealing trojan families.
We have written an in depth analysis of the Carberp trojan, illustrating all the technical features of the malware. The paper can be downloaded from the link below:
没有评论:
发表评论