G DATA: Project Cobra malware attacks large networks
January 2015 by G DATA
Experts at German security provider G DATA have discovered and extensively analysed a new variant of a highly-complex digital spyware strain. In their analysis, the security experts prove that Carbon System, the output of Project Cobra, has similarities to Uroburos and Agent.BTZ and in all probability comes from the same developers.
The cyber espionage tool is a re-engineering of Agent.BTZ and a precursor of Uroburos. Carbon System is designed to work in large networks belonging to companies, authorities, organisations and research institutes. Even though Uroburos is an evolved version of Carbon System, the latter is still active. Unlike its successor, Carbon System does not launch an attack at the kernel level, but remains at the user level. As with malware in this group that has already been investigated, the malware is designed with a modular structure. This modularity enables the attackers to download malware to suit the specifications of the target system. The attackers can deploy Carbon System in a version tailor-made for the target system and even modify it subsequently. G DATA security solutions detect and block the malware.
Detailed information on Project Cobra and Carbon System can be found on the G DATA SecurityBlog: