Zberp evolves, spreads through phishing campaign

Zberp – malware developed from the source code of Zeus and newer financial malware Carberp – is being spread with the help of malicious emails.

On Monday, Elad Sharf, lead senior security researcher at Websense, blogged about the phishing campaign.  

According to Sharf, attackers delivered the Zeus variant by leveraging hidden Windows PIF files.

Spurious emails with subject lines about a failed package delivery, a fax or a payment confirmation are often the lure of choice for attackers. Because PIF is an executable file extension, victims who believe they are opening attachments are actually redirected to zip files containing the malware.

Furthermore, the Zeus variant has an improved means of evading security solutions that typically pick up on “malicious hooks,” malware activity signifying that computer processes are being spied on by attackers, Sharf wrote.
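
A defender-side check for the delivery method described above, added here as an example and not taken from Websense or the article: it lists the members of a zip archive and flags names ending in an executable extension such as .pif, including the case where a document-style extension precedes it. The extension sets other than .pif, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; .pif is the one named in the article.
# The rest of this set is an assumption of the example.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
# Document-like extensions that can sit in front of the real one (assumed).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_entry(name):
    """Return the reasons an archive member name looks suspicious."""
    # Normalise separators, case, and the trailing dots/spaces Windows ignores.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ").lower()
    suffixes = PurePosixPath(base).suffixes
    reasons = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension " + suffixes[-1])
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            reasons.append("decoy extension " + suffixes[-2])
    return reasons


def scan_zip(data):
    """Map each suspicious member of a zip (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = classify_entry(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: harmless text stored under lure-style names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("fax_confirmation.pdf.PIF", b"placeholder, not malware")
        archive.writestr("docs/readme.txt", b"benign")
        archive.writestr("payment.pif", b"placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(why))
```

The check reads only the archive's member names, so it never extracts or executes anything from the attachment.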
