
Trojan-Spy.Win32.Varberp.epl

By Sumo3000 in Trojans

The Trojan-Spy.Win32.Varberp.epl Trojan belongs to the infamous Carberp family of Trojans, a group of spy Trojans that has been stealing confidential information from computer users since 2011. Trojan-Spy.Win32.Varberp.epl is one of the recent variants of the Carberp Trojan, detected for the first time in March of 2012. The origin of numerous Trojan-Spy.Win32.Varberp.epl infections is the radio-mowar.ru website, located on a Russian server. Normally, this website is harmless, but criminals have managed to hack into it so that it directs computer users to an attack domain containing the Black Hole Exploit Kit. Like most versions of the Carberp Trojan, Trojan-Spy.Win32.Varberp.epl does not display any symptoms and can hide its own file processes quite effectively by hooking into common Windows file processes. This makes Trojan-Spy.Win32.Varberp.epl particularly dangerous, since prevention is often the most effective defense against this malware threat. Because of this, ESG security analysts strongly advise making sure that your security software, firewall and operating system are all updated with the latest virus definitions.

How Trojan-Spy.Win32.Varberp.epl Steals Your Personal Information

Trojan-Spy.Win32.Varberp.epl is often installed alongside other variants in the Carberp family of Trojans. These infections work together in order to compromise the victim's computer system. Once installed on the victim's computer system, Trojan-Spy.Win32.Varberp.epl connects to its command and control server. ESG malware analysts have detected that this server's address changes constantly but that all known domains corresponding to this server have been located in the Russian Federation. From this server, Trojan-Spy.Win32.Varberp.epl downloads the scripts it uses to carry out its attack in full. There are three kinds of script packages that Trojan-Spy.Win32.Varberp.epl needs in order to function. The first of these carries out the actual spy functions. This group of scripts is designed to steal passwords from various applications, including FTP software, instant messaging programs, web browsers and email clients. The second of these plug-ins allows Trojan-Spy.Win32.Varberp.epl to disable many known security applications, effectively hiding its presence on the victim's computer. The third script package, ironically, disinfects your computer system, searching for other common banking and spy Trojans, such as the Zbot family of Trojans, and disabling them. ESG malware researchers believe that this is because those Trojans interfere with Trojan-Spy.Win32.Varberp.epl's normal operation.
