Carberp Trojan
Carberp is another piece of malware that launches man-in-the-browser attacks.
According to TrustDefender Lab:
- Carberp features heavily dynamic JavaScript hosted on valid HTTPS (SSL) websites
- This JavaScript is designed to get around the most sophisticated two-factor authentication code (such as transactional hardware tokens)
- Carberp demonstrates how cyber criminals are developing Trojans to create sophisticated configuration files and JavaScript. Theoretically this can be used with any type of Trojan of choice, whether that is Carberp, Zeus, SpyEye or Gozi
- The sophistication of the injected HTML is incredibly high. User experience specialists are employed to do this as the key is to make it look legitimate
Carberp hit the scene with a big bang last month (Nov 2010), targeting financial institutions with transactional two-factor authentication schemes. For more details, please visit the following link:
Carberp - Tricks and Traps - A technical overview