Home Malware Programs Trojans Trojan-Spy.Win32.Carberp.epm

Trojan-Spy.Win32.Carberp.epm

Posted: April 3, 2012

Threat Metric

Threat Level: 5/10
Infected PCs: 162
First Seen: April 3, 2012
Last Seen: March 15, 2023
OS(es) Affected: Windows

Trojan-Spy.Win32.Carberp.epm is a recent variant of the Carberp Trojan and is unlikely to be the last version of that PC threat that SpywareRemove.com malware researchers ever see, given that Carberp was recently found to be sold to various criminals as a spyware product. Like other versions of Carberp, Trojan-Spy.Win32.Carberp.epm is used to target and steal personal information from your PC, especially information that relates to bank accounts, although Trojan-Spy.Win32.Carberp.epm can also be reconfigured for other targets and other attacks. The latest reports of Trojan-Spy.Win32.Carberp.epm attacks involve the inadvertent distribution of Trojan-Spy.Win32.Carberp.epm at radio-mowar.ru after that site was hacked. It's recommended that you scan your PC with appropriate software if you've had any contact with radio-mowar.ru recently. Because Trojan-Spy.Win32.Carberp.epm, like most types of spyware Trojans, tries to avoid obvious symptoms that would give its presence away, detecting Trojan-Spy.Win32.Carberp.epm without anti-malware software is impractical for non-experts in PC security.

How Trojan-Spy.Win32.Carberp.epm Turns Your Lust for Gaming into an Opportunity for Robbery

While Trojan-Spy.Win32.Carberp.epm can, like all PC threats, be distributed by multiple methods, the latest string of Trojan-Spy.Win32.Carberp.epm attacks has made use of the website radio-moswar.ru, a legitimate Russian site that's built around the Moswar gaming application. These attacks inserted a code that was designed to trigger exploits in both PDF and Java that are identifiable as CVE-2010-0188 and CVE-2011-3544. Once these vulnerabilities are exploited, your PC is infected with several types of spyware Trojans: not just Trojan-Spy.Win32.Carberp.epm, but also Trojan-PSW.Win32.Agent.acne and Trojan-Spy.Win32.Varberp.epl.

After being installed, Trojan-Spy.Win32.Carberp.epm contacts a Command & Control server for instructions. SpywareRemove.com malware researchers have found that Trojan-Spy.Win32.Carberp.epm's latest instructions cause Trojan-Spy.Win32.Carberp.epm to target Citibank and Raiffeisen Bank websites, and if you use either of those sites, your bank account is particularly vulnerable to Trojan-Spy.Win32.Carberp.epm attacks. Since Trojan-Spy.Win32.Carberp.epm can capture and transmit login information for your bank account without any overt signs of its attacks, it's suggested that you use anti-malware software to detect Trojan-Spy.Win32.Carberp.epm and assume that your bank account has been compromised if you've accessed these sites on a Trojan-Spy.Win32.Carberp.epm-infected PC.

How to Save Your PC from Trojan-Spy.Win32.Carberp.epm's Digital Heist

Since Trojan-Spy.Win32.Carberp.epm and other Carberp Trojans are often delivered by website-based exploits, taking care to avoid suspicious or compromised websites can be important for protecting your PC from Trojan-Spy.Win32.Carberp.epm attacks. SpywareRemove.com malware experts also suggest disabling exploitable features (such as Flash and Java) unless they're necessary for features on trustworthy sites, since Trojan-Spy.Win32.Carberp.epm can't be installed unless these exploits are open. However, no amount of browser security can protect against zero-day exploits, which is why you should also have anti-malware software to block Trojan-Spy.Win32.Carberp.epm installation attacks as they strike.

Since Carberp Trojans like Trojan-Spy.Win32.Carberp.epm use code injection techniques to avoid displaying an independent file or memory process, you should never try to delete Trojan-Spy.Win32.Carberp.epm by manual methods if other options are accessible. SpywareRemove.com malware research team also notes that, due to the variability in configuration, having updated databases for your anti-malware programs should also be considered vital for detecting all components in a Trojan-Spy.Win32.Carberp.epm infection.

Loading...