AT LAST: Australia gets its very own malware
Carberp and Cryptolocker target Aussies with local variants
Australians are being targeted by a new variant of the Carberp malware under what appears to be renewed criminal interest in the antipodes.
The modified trojan, Carberp.C, was spread through a spam operation masquerading as a payment invoice.
Virus writers pushed the malware out a day after coding it, Symantec researcher Roberto Sponchioni said.
"The malware authors obviously didn't waste much time between coding up and releasing," Sponchioni said.
"What's interesting about this Carberp variant is the number of components involved in the attack, which are used to hide the infection and to silently download additional encrypted payloads that are then injected stealthily into processes."
Payloads were downloaded from the command and control server and loaded into memory so they would remain invisible to the victim.
It came, as modern malware did, in 32-bit and 64-bit flavours and could download additional plugins to maintain obscurity.
Sponchioni gained access to the plugin list32.dat, which hooked APIs for username and password theft from various web browsers.
The attack was the latest in an uptick in malware attacks against Aussies. Ransomware was the most notable of the cyber crap slung Down Under with a 14-fold increase being reported globally and in Australia.
Last week Trend Micro and Deakin University found that between November 1 and 30 an Australian variant of CryptoLocker scored some 10,000 hits to redirection URLs from likely victims. ®