Trojan-Spy.Win32.Carberp.epm
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 50 % (Medium) |
Infected Computers: | 69 |
First Seen: | April 3, 2012 |
Last Seen: | March 15, 2023 |
OS(es) Affected: | Windows |
The Trojan-Spy.Win32.Carberp.epm Trojan is a dangerous spy Trojan first detected in November of 2011. Law enforcement cracked down on the Russian creators of this severe malware infection and made a series of arrests in March of 2012. However, Trojan-Spy.Win32.Carberp.epm continues to be active and that criminals are still using Trojan-Spy.Win32.Carberp.epm to gain access to confidential information. Trojan-Spy.Win32.Carberp.epm belongs to a family of Trojans known as Carberp Trojan. These will often be delivered through known exploits, such as the JavaScript exploit JS/Blacole or through attack websites using Exploit kits like the Black Hole Exploit Kit.
Trojan-Spy.Win32.Carberp.epm has the capability to steal banking information as well as data belonging to many commonly-used applications. Trojan-Spy.Win32.Carberp.epm can also export any certificates installed on the victim's computer system, take screenshots of the victim's activity and save any keystrokes made on the infected computer's keyboard. The most dangerous aspect of Trojan-Spy.Win32.Carberp.epm is the fact that an infection with this malware threat is silent and triggers no symptoms on the victim's computer. Spy Trojans like Trojan-Spy.Win32.Carberp.epm rely on being able to remain in the victim's hard drive without being detected in order to steal information and send it to a remote server.
How Trojan-Spy.Win32.Carberp.epm Infects Your Computer System
Usually, Trojan-Spy.Win32.Carberp.epm will reside in the startup folder in the form of an executable file. It is designed to load into system processes in order to hide its own files. Trojan-Spy.Win32.Carberp.epm will download several plug-ins from a specific IP address. These plug-ins include a plug-in that allows Trojan-Spy.Win32.Carberp.epm to capture passwords that are used by various commonly used applications, a plug-in that gives this malware threat the ability to stop common security file processes, and one that, ironically, allows Trojan-Spy.Win32.Carberp.epm to detect and remove certain other malware on the victim's computer that may interfere with its own infection. Applications vulnerable to the password stealing plug-in included in Trojan-Spy.Win32.Carberp.epm infection include FTP applications, network software, Instant Messaging clients, email clients and web browsers. Trojan-Spy.Win32.Carberp.epm then sends this information to a remote server with a variable IP address or domain name. ESG malware analysts have observed that this server changes constantly but that almost all of its addresses point to locations in the Russian Federation.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.