While the eyes of the world (and the media) are turned towards the claims that Stuxnet and Duqu (and maybe Flamer) owe their existence to a no-longer-covert joint op between the US and Israel, in the more mundane world of cybercrime only the politics of profit rule. And in that world, the tug of war between criminals and the good guys continues.
Just a few days on from Aleksandr Matrosov's extensive recap on the evolution of the Carberp gang, as recounted in a presentation for CARO now available here, our friends at Group-IB report that another six people have been arrested. The Hodprot gang are said to have stolen 125 million roubles from customers of Russian banks since 2009, by exploiting the e-banking system. As the gang name suggests, they originally used the Hodprot malware but switched more recently to Carberp.
Group-IB provided assistance with forensic investigation and analysis to the Ministry of the Interior, and ESET researchers helped with the analysis of malicious software used by the gang. The official press release from the Ministry is here.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, ESET