Despite its initially low distribution, it was classified as one of the most potentially dangerous Trojans by antivirus manufacturers such as Trend Micro due to its high damage potential. The Federal Office for Information Security warned against Carberp in 2010.
Carberp manipulates the websites accessed by the user directly in the browser and spies out login data even before they are encrypted. Carberp does not need admin rights for these actions and thus bypasses the protection provided by the user account control of Windows Vista and Windows 7 .
The Carberp Trojan has the following properties, among others:
- it deactivates other malware in order not to be disturbed and to prevent the flow of information to other criminals
- can run on the infected computer without administration rights
- the malicious program has full control over the Internet traffic of the infected computer
- Carberp transmits data to the attacker's server in real time
Carberp is constantly being developed and comes in different variants. A variant of the Carberp Trojan that appeared in 2012 blocks access to Facebook . Instead of the normal profile page, the user is shown a page in the Facebook look, on which he is asked to pay a sum of money in order to get his login back.
Since June 2013 the source code of the Trojan, which was previously offered for sale for around 40,000 US dollars, has been freely available for download in various hacking forums.
- Under the Hood of Carberp: Malware & Configuration Analysis (PDF; 298 kB) at trusteer.com (English)
- The Carberp Trojan ( memento of the original dated December 23, 2010 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF; 284 kB) at commagazin.de
- BSI management report 4/2010, bsi.bund.de
- Trojan blackmailing Facebook users at t-online.de
- Banking Trojan Carberp: Yesterday 50,000 US dollars, today free online at heise.de, accessed on July 1, 2013