There is a new type of malware out there that can detect what antivirus is running on the computer and then find ways around the software.
The information-stealing Trojan “Carberp” can detect which antivirus program is running on victimized PCs, said Aviv Raff, the chief technology officer at Seculert, an Israeli security firm.
Carberp’s use of an antivirus software profiler lets the Trojan’s makers evaluate the services to give them proof the scans are accurate.
In Carberp, Raff found a report on antivirus usage claimed products from Moscow-based Kaspersky Lab were the most-widely installed, with a 74% share. “This is probably because this botnet targets people from Russia,” he said.
“This is the first time that this feature has been used in a malware kit that is being sold in the underground, and therefore is used by several different cybercrime groups,” Raff said by e-mail.
Carberp has been on security firms’ radar screens since last fall, when TrustDefender and Trend Micro reported the Trojan attack kit was challenging Zeus as the weapon of choice for criminals targeting bank account theft.