Zeus and Carberp: New malware combines two pre-existing malicious codes

According to a new MarketsandMarkets report, the cybersecurity market is currently experiencing a growth spurt that will last for the next five years at least.

The sector is forecasted to reach $95.60 billion by the end of 2014, and will further expand to $155.74 billion by 2019. The market expansion will come at a compound annual growth rate of 10.3 percent through the next five years. A main force driving this growth is the incremental rise in cybercriminal activities which creates increasing demands for security systems that prevent infections and the theft of sensitive information.

"[T]he ratification for cybersecurity solutions is increasing to combat the advanced and sophisticated threats created by professional adversaries," the report stated.

Zberp: New hybrid malware strain
One of the newest security threats spurring the growth of the cybersecurity market is Zberp, a newly discovered hybrid malware sample. According to CSO, the strain combines the abilities of the Zeus and Carberp Trojans, the code for both of which is now publicly available.

The Zeus code was leaked in 2011, allowing hackers to cherry-pick bits of it for use within other samples for the past three years. Since the Carberp code was put up for sale last year, security experts feared that cybercriminals would combine the two in the near future.

"Since the source code of the Carberp Trojan was leaked to the public, we had a theory that it won't take cybercriminals too long to combine the Carberp source code with the Zeus code and create an evil monster," security researchers Martin G. Korman and Tal Darsan noted in a statement.

The new Zberp malware has several malicious capabilities taken from its Trojan parents, including the ability to steal sensitive information, capture and send screenshots to remote servers, as well as the capacity to hijack user browser sessions to redirect traffic and display rogue content.

The new strain also uses the steganography seen in the ZeusVM malware to hide its configuration and avoid detection, thereby prolonging the infection and increasing malicious activity. Security experts have also recognized the use of a technique known as "invisible persistence."

"[T]he malware deletes its persistence key from the registry during the Windows startup process to prevent security solutions from detecting it during normal system scans that take place after the system boots," stated the security firm that first discovered Zberp. "To ensure persistency, however, the malware rewrites the persistence key back to the registry system during shutdown."
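
Because the key is absent while the system is up, a scan that runs after boot has nothing to find; the cycle only shows up in a timeline of registry changes. The following is an added example, not code from the article or from the researchers: it flags autorun values that are deleted shortly after boot and rewritten shortly before shutdown. The log format, the two-minute window, the Run key path and the value names are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample timeline (not real telemetry). Assumed line format:
# "<ISO time> <BOOT|SHUTDOWN|SET|DELETE> [<registry value path>]"
SAMPLE_LOG = r"""
2024-01-10T08:00:00 BOOT
2024-01-10T08:00:20 DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Run\example_updater
2024-01-10T09:15:00 SET HKCU\Software\Microsoft\Windows\CurrentVersion\Run\chat_client
2024-01-10T17:59:50 SET HKCU\Software\Microsoft\Windows\CurrentVersion\Run\example_updater
2024-01-10T18:00:00 SHUTDOWN
2024-01-11T08:01:00 BOOT
2024-01-11T08:01:15 DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Run\example_updater
2024-01-11T18:29:45 SET HKCU\Software\Microsoft\Windows\CurrentVersion\Run\example_updater
2024-01-11T18:30:00 SHUTDOWN
"""

def parse(log):
    """Yield (timestamp, action, path); path is None for BOOT/SHUTDOWN lines."""
    for line in log.strip().splitlines():
        ts, action, *rest = line.split(maxsplit=2)
        yield datetime.fromisoformat(ts), action, (rest[0] if rest else None)

def find_invisible_persistence(log, window=timedelta(minutes=2)):
    """Map each suspicious autorun value to (deletes after boot, rewrites before shutdown)."""
    events = sorted(parse(log), key=lambda e: e[0])
    boots = [t for t, a, _ in events if a == "BOOT"]
    shutdowns = [t for t, a, _ in events if a == "SHUTDOWN"]
    deleted_at_boot, set_at_shutdown = {}, {}
    for t, action, path in events:
        if action == "DELETE" and any(timedelta(0) <= t - b <= window for b in boots):
            deleted_at_boot[path] = deleted_at_boot.get(path, 0) + 1
        elif action == "SET" and any(timedelta(0) <= s - t <= window for s in shutdowns):
            set_at_shutdown[path] = set_at_shutdown.get(path, 0) + 1
    # Require both halves of the cycle; either one alone is common benign behaviour.
    return {p: (deleted_at_boot[p], set_at_shutdown[p])
            for p in deleted_at_boot.keys() & set_at_shutdown.keys()}

if __name__ == "__main__":
    for path, (dels, sets) in find_invisible_persistence(SAMPLE_LOG).items():
        print(f"{path}: deleted after boot x{dels}, rewritten before shutdown x{sets}")
```
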
