Bad guys know any public exposure is not in their best interest. So,
with Zeus becoming a household word and the recent arrests, they know it's
time to move on. Meet Carberp, a relatively unknown financial malware.
Where do they get these names?
Carberp has the capacity to use both general and targeted attacks. It
also has new capabilities, making it deadlier than Zeus. The following
are some of the new features found in Carberp:
a. Carberp does not require admin rights to run; it resides in
memory.
b. It's capable of infecting Windows XP, Windows Vista, and Windows
7.
c. It's designed to control all Internet traffic, including HTTPS
using EV-SSL.
d. Stolen data is transmitted to command and control servers before
it's sent to the financial web site. That negates any advantage of using
one-time passwords.
It's scary, knowing Carberp can run without admin rights. It also means
Carberp must reactivate itself after a system restart. It accomplishes
this by copying the required process to the startup section of the
currently logged-in user.
Normally, that would make a file easy to find. But, Carberp's executable
chkntfs.exe is hidden. It can't be found with Windows Explorer or by
using the command line.
Thankfully, the way Carberp hides is also its Achilles Heel (I'll
explain later).
Carberp removes other malware!
Read: http://blogs.techrepublic.com.com/se...29&tag=nl.e036
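An added example, not part of the original post or the linked article: a defender-side sweep of the per-user Startup folders on a Windows volume that has been mounted offline from a clean system, since the post says the file cannot be seen from the running machine. The function names and the offline-mount approach are assumptions of this example; the folder layouts are the standard XP and Vista/7 locations.

```python
import sys
from pathlib import Path

# Per-user Startup folders relative to the volume root (XP, then Vista/7).
STARTUP_LAYOUTS = [
    ("Documents and Settings", ("Start Menu", "Programs", "Startup")),
    ("Users", ("AppData", "Roaming", "Microsoft", "Windows",
               "Start Menu", "Programs", "Startup")),
]
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Genuine Windows tools live in Windows\System32, never in a Startup folder.
# chkntfs.exe is the name given in the post; extend the set as needed.
SYSTEM_BINARY_NAMES = {"chkntfs.exe"}


def _child(parent, name):
    """Case-insensitive child lookup (the image may be mounted on Linux)."""
    if parent is None or not parent.is_dir():
        return None
    for entry in parent.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None


def scan_startup(volume_root):
    """Return (severity, path) for each executable in per-user Startup folders."""
    findings = []
    for profiles_dir, startup_parts in STARTUP_LAYOUTS:
        profiles = _child(Path(volume_root), profiles_dir)
        if profiles is None:
            continue
        for profile in sorted(p for p in profiles.iterdir() if p.is_dir()):
            folder = profile
            for part in startup_parts:
                folder = _child(folder, part)
            if folder is None:
                continue
            for item in sorted(folder.iterdir()):
                if item.is_file() and item.suffix.lower() in EXECUTABLE_EXTS:
                    high = item.name.lower() in SYSTEM_BINARY_NAMES
                    findings.append(("HIGH" if high else "REVIEW", item))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for severity, path in scan_startup(root):
        print(severity, path)
```

Any executable in a Startup folder is worth a look; one that borrows the name of a System32 tool is reported as HIGH.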