Skip to Main Content

Carberp Beating Two Factor Authentication

Posted on 12.10.2010

TrustDefender Labs has released an analysis into how the new Trojan Carberp infiltrates websites and highlights the impressive JavaScript injection code used.

Those behind Carberp spent time not just on the configuration file, but also making sure they have a method in place to compromise two factor authentication schemes. The Trojan uses heaviliy dynamic JavaScript hosted on a valid HTTPS website.

Andreas Baumhof, CTO of TrustDefender comments, “The evolution of Trojans such as Carberp highlights how Trojans use complex behaviour to employ intelligent guises and commit fraudulent activity. Financial institutions and enterprises need to provide appropriate security, beyond traditional AV software to reduce the risks of fraudulent activity.”

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up

 

Leave a comment
    Load more comments
    New code
  •    
      

    The Ultimate Guide to Personalization

    Kibo