1. Forums /
  2. Tech Boards /
  3. Computer Programming /
  4. Trojan Carberp, Be warned
Post: Trojan Carberp, Be warned
01-31-2012, 04:08 PM #1
doxis's Avatar
doxis
< ^ > < ^ >
(adsbygoogle = window.adsbygoogle || []).push({}); A new variant of Trojan Carberp is geared to fool Facebook users that their accounts are locked and that they have to pay a ransom to get access to your account. When the victim uses a computer infected by Trojan-Carberp sent him on to a false start for Facebook to announce that the account is locked. The user then invited to enter their name, email address, password, birth date and transaction number on a Ucash transfer of EUR 20 to approve the reading of the account. The fake page report that Ucash-sum will be added to the user's' Facebook balance ", which of course is not true.
You must login or register to view this content.
The page that racketeers created looks like a legitimate Facebook page and it can be difficult for an unwitting victim to understand that they are exposed to a fraud.


Anders Nilsson security specialist at Eurosecure, distributor of ESET NOD32 Antivirus, explains:

- In this case works Carberp as a so-called man-in-the-browser, an attack form that resembles a man-in-the-middle attack. The Trojan monitors the various API's you that Windows reads and writes on the web and can thus replace the page that appears - in this case, a fake Facebook page. Since Carberp have control over your computer so you can not rely on the url shown. No one knows that one is infected, it's hard to know that you are the victim of fraud.

- Carberp is widely spread in Eastern Europe and Russia.

At a time when more and more have backup their important files in your computer, try blackmailer find new ways to scare users into paying money. Currently Facebook is a rewarding target when the target of the attack is very large, while Facebook's user both confident side and also are terrified of getting rid of information or control over their account.
You must login or register to view this content.
The picture shows the code to Carberps "Facebook plugin" looks like. It matches all URLs that contain "*//* facebook.com / * ", and replace it with a static content, stating that one must verify the age and country by paying with Ucash. Money that you then will get back when verification is complete.

anonymous transfers
By using Ucash is also the risk that the fraudsters detected minimal, since Ucash can be likened to an anonymous cash. Fraudsters can receive a payment and immediately put the money they earned at other sites online, or sell e-money on.

At the usual similar attacks against such bank login pages is required, in principle, always fraudster at some point have to transfer money between bank accounts to access them, increasing the risk that they get caught. Therefore, it has become increasingly common for scammers use different payment services and direct transfers.

Needed some form of regulation or supervision of the management of so-called e-money?

- Anonymity can have negative backs, but I can still not claim to be for some form of regulation, it is a panacea, I do not really trust. However, it is important that computer users who have had their computers infected with trojans and serious botnätsklienter get out there and play Internet providers an important role. In extreme cases it may be time to shut down access to the network completely, for example, when you see that one computer sends large amounts of spam, which some Swedish ISPs are already doing, says Anders Nilsson.


People pay so please don't say that noone would pay stare

Regards
Doxis /AluAir
(adsbygoogle = window.adsbygoogle || []).push({});
01-31-2012, 04:15 PM #2
Michael Collins's Avatar
Michael Collins
Gym leader
lol if you are stupid enough to pay a ransom you get everythging you deserve in my opinion,good job lfor etting the community know doh.

The following user thanked Michael Collins for this useful post:

xXGRIM_REAPERXx
01-31-2012, 04:29 PM #3
doxis's Avatar
doxis
< ^ > < ^ >
Originally posted by Michael
lol if you are stupid enough to pay a ransom you get everythging you deserve in my opinion,good job lfor etting the community know doh.


Some people has stuff on their facebook that is much more worth then money.
Imagine if they uploaded all their photos ect ect...
02-15-2012, 02:23 AM #4
Default Avatar
venyix
Guest
Originally posted by Docko412 View Post
i'm glad i use linux and don't have a facebook. :p


Don't know what that has to do with anything, we get it you can use Linux.
02-15-2012, 08:12 AM #5
tokzikate's Avatar
tokzikate
Gym leader
Originally posted by Docko412 View Post
well if you knew anything... linux can't be affected by viruses /facepalm

Linux can be affected by viruses, but since every linux distro is different, then if you got a virus to work on one distro, it might not work on another, so if you coded a virus you wouldn't infect many people.
That's why most viruses are coded for windows, as Windows is the most popular OS, and a virus coded to work on vista, will work on 7, and maybe XP.
02-15-2012, 03:07 PM #6
doxis's Avatar
doxis
< ^ > < ^ >
Just like Steve Jobs said, MAC cant get virus, mac can get virus, mobile devices can get virus, you mp3 can get a virus.
nothing is virus proof and this trojan in not even system based.
02-17-2012, 11:16 PM #7
Cory's Avatar
Cory
User needs a dick
Originally posted by Docko412 View Post
well either way like i said i don't have a facebook either and also each update you get can ruin those viruses also you can't really code a good virus to work on there as everything is open sourced and you can just get rid of it through root easily.

---------- Post added at 11:46 AM ---------- Previous post was at 11:42 AM ----------



no one ever said that mac can't get viruses and it depends what mobile device your talking about. if it's an iphone it really can't get viruses unless you jailbreak it. um android phones are basically linux under the hood so whatever virus you can get you can easily get rid of. as for this this seems more of a phisher than a trojan because it is web side also i didn't mean to say can't be affected with viruses i really just mean can't be affected with any good viruses.


Actually EVERYONE says Mac's are virus proof. If I were you I'd stop acting like your a computer technician now. You're not. /endof

The following user thanked Cory for this useful post:

Ehhx
02-18-2012, 04:38 AM #8
Cory's Avatar
Cory
User needs a dick
Originally posted by Docko412 View Post
when did i ever say i was a computer technician? huh? that's what i thought

no mac people users etc. say that it isn't impossible to get virses on a mac it's just very very hard. and their security is through the roof. also if you can you find me a report of mac computer that you have seen with a virus?
please do.
You must login or register to view this content.

You must login or register to view this content.

their is a couple articles that helps prove my point.

okay genius?



I said stop ACTING like a computer technician, which you were. If you ask any Mac fanboy they swear they can't get a virus. Okay Smartass? Don't bother replying as I won't say anything back. Good day.
02-22-2012, 12:05 AM #9
Pichu's Avatar
Pichu
RIP PICHU.
Wow, honestly.. If I got something like that towards my Facebook I would not give a crap. I don't really use Facebook a whole lot, so no difference to me. Happy
02-26-2012, 09:50 PM #10
Securing_Bravo's Avatar
Securing_Bravo
~ The Graphics Room ~
1) Set up an index page pretending to be facebook.com and demanding ransom to sign in using PHP/HTML You must login or register to view this content. You must login or register to view this content.
2) You must login or register to view this content.
3) You must login or register to view this content. + You must login or register to view this content.
4) Add this to host files 39.39.39.39 being the IP of your facebook ransom page: 39.39.39.39 69.171.224.11
5) Infect lots of Facebookers and enjoy profits

Copyright © 2026, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo