Thursday, June 5, 2014

Carbon Form Grabber BOTNET - All Browser Intrusion !

I bring to you a brand new product! This is really very cool! This form grabber was written from scratch with the customer in mind.

We have made a web panel that is very intuitive, easy to use and sleek! This product was made for newcomers and for pros; it will suit the needs of any user with our easy-to-use panel and our advanced features. This product is the best of both worlds.


The Carbon Form Grabber created by AlexHF runs on 32-bit and 64-bit platforms and exhibits some semi-persistence. The Carbon Grabber is composed of a Builder and an intuitive PHP Panel.
The Carbon Grabber is able to capture logins and passwords from SSL & HTTP webpages in Chrome, Firefox and Internet Explorer.
The kit contains the following features:






  • Startup (Hidden) - Meaning the process doesn’t appear in the Windows Task Manager.
  • Userkit (x86 & x64)
  • Injection
  • Chrome SSL & HTTP Grabber
  • Firefox SSL & HTTP Grabber
  • Internet Explorer SSL & HTTP Grabber
  • Intuitive PHP Panel
  • Escalate to Administrator Privileges - Apparently performed via runas




Tuesday, April 1, 2014

Newest Zeus banking Trojan is Born, ZeusVM

NOTORIOUS BANKING TROJAN Zeus is back in another variant, security firm Malwarebytes has warned.
Dubbed ZeusVM, the modded version of the infamous Trojan is being distributed in many different ways, but typically through phishing emails or web-based attacks, including "malvertising", whereby people are infected by visiting websites containing malicious ads.
"The Zeus/Zbot Trojan is one of the most notorious banking Trojans ever created; it's so popular it gave birth to many offshoots and copycats,"

"The particularity of Zeus is that it acts as a 'man in the browser', allowing cyber-crooks to collect personal information from its victims as well as to surreptitiously perform online transactions.
"A new variant of this Trojan, dubbed ZeusVM, is using images as a decoy to retrieve its configuration file, a vital piece for its proper operation."
Malwarebytes senior security researcher Jerome Segura explained that there are various parts to this piece of malware. While the main executable - the bot - will bury itself into your computer and ensure it is reactivated every time you reboot, at regular intervals it also checks with its command and control server for new instructions while monitoring user activity.
"The JPG contains the malware configuration file which is essentially a list of scripts and financial institutions - but doesn't need to be opened by the victim themselves," Segura said.
"In fact, the JPEG itself has very little visibility to the user and is largely a cloaking technique to ensure it is undetected from a security software standpoint."
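A defensive check that follows from Segura's description, given here as an added example that is not from Malwarebytes or the original article: it walks a JPEG's segments and reports data an image viewer ignores, namely bytes after the End-of-Image marker and unusually large comment segments. Where ZeusVM stores its configuration inside the image is not stated here, so both locations and the 256-byte comment threshold are assumptions, and the sample byte strings are constructed.

```python
EOI, SOS, COM = 0xD9, 0xDA, 0xFE
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}   # TEM and RST0-RST7 carry no length field

def skip_scan(data: bytes, pos: int) -> int:
    """Skip entropy-coded scan data; return the offset of the next real marker."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos == -1 or pos + 1 >= len(data):
            return len(data)
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed byte or restart marker
            pos += 2
        elif nxt == 0xFF:                        # fill byte
            pos += 1
        else:
            return pos

def inspect_jpeg(data: bytes, max_comment: int = 256) -> dict:
    """Report bytes after EOI and COM segments larger than max_comment (assumed)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out = {"eoi_offset": None, "trailing_bytes": 0, "large_comments": []}
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
        elif marker == EOI:
            out["eoi_offset"] = pos
            out["trailing_bytes"] = len(data) - (pos + 2)
            return out
        elif marker in NO_LENGTH:
            pos += 2
        else:
            if pos + 4 > len(data):
                raise ValueError("truncated segment header")
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            if marker == COM and length - 2 > max_comment:
                out["large_comments"].append((pos, length - 2))
            pos += 2 + length
            if marker == SOS:                    # compressed data follows the header
                pos = skip_scan(data, pos)
    return out                                   # eoi_offset None: no EOI marker found

# Constructed, structurally minimal samples (not renderable images).
CLEAN = b"\xff\xd8\xff\xe0\x00\x04JF\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd0\x56\xff\xd9"
APPENDED = CLEAN + b"A" * 300                    # stand-in for data appended after EOI
COMMENTED = CLEAN[:2] + b"\xff\xfe" + (402).to_bytes(2, "big") + b"B" * 400 + CLEAN[2:]
```

A non-zero `trailing_bytes`, a non-empty `large_comments` list, or a missing `eoi_offset` on an image fetched by an unexpected process is a reason to look closer, not proof of infection; some cameras and editors also append metadata.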

This enables a "man in the browser" attack where everything the victim does while browsing can be intercepted and modified at will.
"Visiting certain URLs, such as a bank website, will trigger an alert and the Trojan will start interacting in real-time. For example, it will alter the login page and ask for additional personal details, which it does using a technique known as 'webinjects', where code is injected directly into the browser, changing the webpage in real time," he added.
It can also perform wire transfers while the victim is logged in, Segura said, and even alter the appearance of the current account balance to ensure that it remains unnoticed.
Although most anti-malware products should detect banking Trojans, traditional anti-virus software products might not.

"It only matters if the detection is timely. There's little use if you have been infected for two days and your account has already been depleted," the firm said, advising that observing basic security tips like "not opening email attachments unless you are absolutely sure it is safe" will help.
However, while Malwarebytes recorded a new variant of the popular Zeus trojan, security firm FireEye has said that hackers are dropping standard malware like Zeus in favour of more advanced but harder-to-use remote access Trojans (RATs) such as Xtreme RAT.

Xtreme RAT is a notorious RAT that has been freely available on a number of cyber black markets since June 2010. The RAT is dangerous as it can be used for a variety of purposes, including interacting with the victim machine via a remote shell, uploading and downloading files, interacting with the registry and manipulating running processes and services.

Neverquest banking malware Partners Zeus trojan

New Neverquest malware steals bank account logins and lets attackers access accounts through victims' computers.
For over five years, Zeus has been the undisputed king of banking malware. Once this trojan was loaded onto a victim's machine, it could:
  • Detect when the owner entered banking information into a web browser.
  • Steal passwords and other pertinent login information.
  • Encrypt the stolen information and send it to the attacker's specified servers.
Zeus was also one of the first pieces of malicious software to be sold under a license. For the right price, anyone could use it.
Zeus remains active today, but its source code was published online in 2011 and this cyberscourge has about run its course. Unfortunately, security experts are already sounding the alarm about a new piece of malware that makes Zeus look like a simpleton. Neverquest significantly raises the bar for online banking malware.

How Neverquest works

Like Zeus, Neverquest is a Trojan. Bad guys introduce Neverquest to the victim’s computer via social media, email, or file transfer. According to the security blog Threatpost, Neverquest replicates in a manner similar to the Bredolab botnet client:
"Bredolab malware used the same methods of distribution that Neverquest is currently using. Bredolab would eventually become the third most widely distributed piece of malware on the Internet."
Before it was shuttered, the Bredolab botnet consisted of 30 million computers. Why not use something that works?
If the victim’s computer is vulnerable to an exploit targeted by Neverquest’s trojan loader, the malware is installed. Then Neverquest starts paying attention to what the user is typing into their web browser. If a predetermined financial term is recognized, Neverquest checks the website domain name. Since Neverquest has hundreds of banking and financial institutions in its database, there’s a better than average chance Neverquest will be familiar with the banking website.
Once Neverquest recognizes a banking site, it will relay the login information back to the attackers’ command and control server. Once the victim's credentials are in the hands of the attackers, they will remotely control the victim's computer using VNC, log into the victim's banking website, and do one of the following:
  • Transfer money to different accounts
  • Change login credentials, locking out account owner
  • Write checks to money mules
And to make matters worse, banking sites are unable to distinguish the victim's login from that of the attacker using Neverquest.
One capability Neverquest has that Zeus doesn’t is the ability to cultivate new banking sites for its database. If the malcode recognizes certain financial terms but not the domain, Neverquest will send the information back to the command and control server, which then creates a new identity and updates every compromised computer under its control.

Neverquest in the wild

One sobering reality is that Neverquest is already for sale. Zeus, being “first of its kind” malware, required skilled controllers. Not so with Neverquest: script kiddies and malware non-experts are able to make use of the potent malware as soon as they buy it.