

Users who contract Carberp may get a nasty surprise when trying to access Facebook

Source: Trusteer Security specialists at Trusteer have discovered a variant of the Carberp trojan that pretends to suspend a user's Facebook account. The malware hooks into the victim's browser and intercepts requests that are sent to Facebook's servers.

When a user tries to access the social network, the malware displays a message saying that the account has been temporarily suspended, and that a payment of €20 is required to verify the user's personal data. Payment is to be made via Ukash – an anonymous payment system that doesn't allow recipients to be traced.

Carberp's behaviour is similar to that of the now widespread variants of the BKA trojan, which lock down victims' computers and claim that they will only be unlocked once a payment has been made. This type of malware is referred to as ransomware; in most cases, paying the ransom has little or no effect.

Carberp is a trojan toolkit that criminals have primarily used to compromise online banking facilities. It spreads using methods such as compromised PDF and Office files, and contains remote control functions that allow it to accept and execute arbitrary commands from the botnet operators.

(crve)