Cybercriminals used code from the infamous Zeus and Carberp malware to create the next-generation Zberp threat, which now targets customers of 450 international financial institutions, according to researchers from Trusteer.
Zberp can track the IP addresses and names of infected PCs, capture and upload screenshots, steal POP3 and FTP credentials, hijack browsing sessions, compromise SSL certificates, and conduct remote desktop connections. Its authors also ensured that the malware's registry key is deleted and rewritten, which makes Zberp difficult to detect with traditional anti-virus software.
"Since the source code of the Carberp Trojan was leaked to the public, we had a theory that it won't take cybercriminals too long to combine the Carberp source code with the Zeus code and create an evil monster," said Trusteer officials in a blog post. "It was only a theory, but a few weeks ago we found samples of the 'Andromeda' botnet that were downloading the hybrid beast."