Home / malwarePDF  

Trojan.Carberp.B


First posted on 21 November 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Carberp.B.

Explanation :

The Trojan may arrive on the compromised computer through phishing emails.

When the Trojan is executed, it creates the following files:
%AllUsersProfile%\Application Data\Mozilla\[RANDOM FILE NAME].bin%System%\Com\svchost.exe
The Trojan creates the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[EXISTING SERVICE NAME]Sys
The Trojan may connect to one of the following locations:
financialnewsonline.pwdatsun-auto.comupdate-java.net
The Trojan may steal the following information from the compromised computer:
User namePassword

Last update 21 November 2014

 

TOP