Win32/Carberp Gang on the Carpet

Win32/Carberp Gang on the Carpet

Group-IB's joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.

Group-IB’s joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.

[Update: police have issued a video of the man they say ran the whole group.]

We've spent quite a lot of time on this blog in the last year or more discussing Win32/Carberp, which has also found its way into the occasional paper and presentation.

So it gave us particular pleasure to see that our friends at Group-IB have reported on their joint investigations with Russia's Federal Security Service (FSB) and Ministry of the Interior (MVD), resulting in the arrest of a gang of eight accused of offences under the Russian Federation's Criminal Code including larceny, creation and distribution of malicious software, and unauthorized access to computer information.

Group-IB have identified them as using Win32/Carberp and Win32/RDPdoor in pursuit of criminal profit, going beyond stealing banking credentials and plundering bank accounts to DDoS (Distributed Denial of Service) attacks. It's been suggested that if convicted, they can expect sentences of up to 10 years.

I'm looking forward to hearing more about joint research into Carberp and Blackhole in a presentation from Aleksandr Matrosov, Eugene Rodionov, Dmitry Volkov and Vladimir Kropotov at CARO 2012 later this year.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Discussion