The position of the infamous Zeus trojan may be usurped by a new upstart that is unknown to four of the six largest antivirus companies and has already been used by a criminal group to empty bank accounts across Europe and America.
The latest incarnation of the Carberp trojan possesses most of the tricks used by Zeus to steal millions of dollars from bank accounts around the world, and targets the most popular operating systems and web browsers including Microsoft's Windows 7, Vista and XP, as well as the Internet Explorer and Mozilla Firefox web browsers.
It also attempts to seek and destroy or disable rival bank account-stealing trojans, including Zeus. However, it is not known if the malware possesses the capability to remove the malware.
Security companies have yet to agree on the characteristics of Carberp. To some security companies Carberp is considered a derivative of Zeus. Less harmful variants of Carberp exist including malware downloaders and generic trojans, but this latest instance is considered the first fully-capable banking trojan of its kind.
"Carberp is different. It is very, very sophisticated and I expect the infection rates to be the same as Zeus," said Andreas Baumhof, co-founder and chief technology officer of secure banking authentication firm TrustDefender. He said the trojan is as yet unknown to the big antivirus companies. [...]
The company's research arm identified the new Carberp variant three months ago and has now deconstructed it.