Trojan.Carberp.B
First posted on 21 November 2014.
Source: Symantec
Aliases:
There are no other names known for Trojan.Carberp.B.
Explanation:
The Trojan may arrive on the compromised computer through phishing emails.
When the Trojan is executed, it creates the following files:
%AllUsersProfile%\Application Data\Mozilla\[RANDOM FILE NAME].bin
%System%\Com\svchost.exe
The Trojan creates the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[EXISTING SERVICE NAME]Sys
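The two host artifacts above (the svchost.exe copy under %System%\Com and a service key named after an existing service with "Sys" appended) can be checked from a process or file inventory and a list of service key names. This is an added example, not code from Symantec; the expansion of %System% to C:\Windows\System32, the function names and all sample data are assumptions constructed for illustration.

```python
import ntpath

# Assumption: %System% expands to this directory on the host being checked.
SYSTEM_DIR = r"C:\Windows\System32"


def masquerading_svchost(image_paths, system_dir=SYSTEM_DIR):
    """Return the paths that match %System%\\Com\\svchost.exe from the write-up."""
    target = ntpath.normcase(ntpath.join(system_dir, "Com", "svchost.exe"))
    # Windows paths are case-insensitive, so compare normalised forms.
    return [p for p in image_paths
            if ntpath.normcase(ntpath.normpath(p)) == target]


def shadow_services(service_names):
    """Return (suspect, original) pairs where suspect == original + 'Sys'.

    Matches the [EXISTING SERVICE NAME]Sys pattern: a key is only reported
    when the name without the suffix is also present under Services.
    """
    by_lower = {name.lower(): name for name in service_names}
    hits = []
    for lower, name in by_lower.items():
        base = lower[:-3]
        if lower.endswith("sys") and base and base in by_lower:
            hits.append((name, by_lower[base]))
    return sorted(hits)


# Constructed sample data, not taken from a real host.
SAMPLE_IMAGES = [
    r"C:\Windows\System32\svchost.exe",       # expected location
    r"C:\Windows\System32\Com\svchost.exe",   # path from the write-up
    r"c:\windows\system32\com\SVCHOST.EXE",   # same path, different case
    r"C:\Windows\System32\Com\comrepl.exe",   # other file in the Com folder
]
SAMPLE_SERVICES = ["Dhcp", "DhcpSys", "Spooler", "ExampleSys", "Winmgmt"]

if __name__ == "__main__":
    for path in masquerading_svchost(SAMPLE_IMAGES):
        print("svchost.exe in Com folder:", path)
    for suspect, original in shadow_services(SAMPLE_SERVICES):
        print(f"service key '{suspect}' shadows existing service '{original}'")
```

A name that merely ends in "Sys" with no matching base service, such as the constructed "ExampleSys", is not reported.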
The Trojan may connect to one of the following locations:
financialnewsonline.pw
datsun-auto.com
update-java.net
The Trojan may steal the following information from the compromised computer:
User name
Password
Last update 21 November 2014