Carberp Beating Two Factor Authentication

TrustDefender Labs has released an analysis into how the new Trojan Carberp infiltrates websites and highlights the impressive JavaScript injection code used.

Those behind Carberp spent time not just on the configuration file, but also making sure they have a method in place to compromise two factor authentication schemes. The Trojan uses heaviliy dynamic JavaScript hosted on a valid HTTPS website.

Andreas Baumhof, CTO of TrustDefender comments, "The evolution of Trojans such as Carberp highlights how Trojans use complex behaviour to employ intelligent guises and commit fraudulent activity. Financial institutions and enterprises need to provide appropriate security, beyond traditional AV software to reduce the risks of fraudulent activity."

Pete Prestipino

Digital marketing executive with proven experience in all aspects of search engine optimization (SEO), performance-based advertising, consumer-generated/social media, email marketing, lead generation, Web design, usability, and analytics. - 20-year Internet marketing veteran, currently serving as the Digital Marketing Campaign Manager at Antenna Group (formerly Chicago Digital). - Former Editor-In-Chief of Website Magazine, and a regular speaker on Web technology digital marketing strategy - Author of several books on digital marketing Including Web 360: The Fundamentals of Web Success; Affiliate 360: The Fundamentals of Performance Marketing; Domains 360: The Fundamentals of Buying & Selling Domain Names, and SEO 360: The Fundamentals of Search Engine Optimization.