Carberp source code leak “could lead to new wave of attacks”
The source code for banking malware Carberp has been released online - raising the possibility a new wave of attacks using variants of the sophisticated Trojan.
Search results for: "carberp"
Carberp: the never ending story
Aleksandr Matrosov reveals changes in banking Trojan Carberp relating to Java/Spy.Banker (AgentX.jar) and gaining remote access using legitimate software as backdoor components.
White Papers
Win32/Carberp: When You’re in a Black Hole, Stop Digging
This paper consolidates information published By ESET and Group-IB researchers on Russian malware that attacks Russian RBS (Remote Banking Systems) transactions: now updated to version 1.1 to include additional material.
All Carberp botnet organizers arrested
Carberp is a unique case, with all the guys who organized really big botnets and made big profits (millions of US dollars) being arrested.
Carberp and Hodprot: six more gang members held
Group-IB and ESET Russia assisted in the investigation that led to the arrest of 6 people suspected of stealing 125m roubles from bank customers in Russia .
Carberp Gang Evolution: CARO 2012 presentation
The latest research on the Win32 Carberp gang and the technicalities and evolution of the malware, as presented at CARO 2012.
Blackhole, CVE‑2012‑0507 and Carberp
The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507
Win32/Carberp Gang on the Carpet
Group-IB's joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.
Facebook Fakebook: New Trends in Carberp Activity
Facebook fraud, Carberp, statistics and a DDoS plugin.
Carberp white paper: now with added pictures
"Win32/Carberp: When You're in a Black Hole, Stop Digging" aggregates most of our published material on Carberp into a single resource.
Carberp + BlackHole = growing fraud incidents
This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.
Evolution of Win32Carberp: going deeper
This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family.
Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks
ESET researchers uncover several instances of malware that uses various attack vectors to target systems isolated by an air gap
Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy
Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.
Operation Buhtrap, the trap for Russian accountants
The Operation Buhtrap campaign targets a wide range of Russian banks, used several different code signing certificates and implements evasive methods to avoid detection.
Do you really need antivirus software for Linux desktops?
It started, innocently enough, as a question asked in the ESET Security Forum titled "Eset – Do I Really Need Antivirus On My Linux Distros?" However, the answer to that seemingly simple question on Linux antivirus is more complex than a simple yes-or-no response.
Bootkits, Windigo, and Virus Bulletin
ESET research on Operation Windigo received an award at Virus Bulletin 2014. Our research on bootkits was also well received, and is now available publicly.
Corkow: Analysis of a business‑oriented banking Trojan
Win32/Corkow is banking malware with a focus on corporate banking users. We can confirm that several thousand users, mostly in Russia and Ukraine, were victims of the Trojan in 2013. In this post, we expand on its unique functionality.
Corkow – the lesser‑known Bitcoin‑curious cousin of the Russian banking Trojan family
A little-known banking trojan, developed in Russia, has managed to infect thousands of victims' computers without the knowledge of their owners. Graham Cluley takes a closer look.
Qadars – a banking Trojan with the Netherlands in its sights
The first sign we saw of this malware was in mid-May 2013, but it is still very active, and uses Android to bypass two-factor authentication systems. It clearly seeks to infect Dutch computers - 75% of detections come from this region.