The source code for banking malware Carberp has been released online on cybercrime forums – raising the possibility a new wave of attacks using variants of the sophisticated Trojan.
Carberp is a Trojan often used to steal banking details. It originated in the former Soviet states, but has since been used around the world. The leak follows reports that a member of the gang behind Carberp attempted to sell the source code on cybercrime forums for $5,000, according to a report in Computer World.
This week, Ucha Gobejishvili, a Georgian security researcher, posted a screenshot on Twitter, showing that at least part of the source code had appeared on cybercrime forums. Russian researchers said that they expected the code to be shared further on forums in coming days, according to a report in PC World.
ESET Senior Research Fellow David Harley said in an interview with Infosecurity Magazine, “The availability of source code for sophisticated malware is never good news. We can probably assume that there’ll be an upsurge in bottom feeders taking the opportunity to create new variants, and in the short term that will test and stretch the heuristic capabilities of security software.”
“On the other hand, it will also give labs that haven’t spent as much time dissecting it as my Russian colleagues a chance to catch up a bit. I’m hopeful that in the long term it will actually weaken the impact of the code, compared to the damage it did before law enforcement started to reel in the Carberp botnet organizers.”
“The Carberp cybercrime group was one of the first groups to make massive use of specialist malware designed to target remote banking systems for fraud operations against major Russian banks,” says ESET researcher Aleksandr Matrosov in a detailed analysis of the history of Carberp and groups which use it.
Author Rob Waugh, We Live Security