Group-IB and ESET Russia assisted in the investigation that led to the arrest of 6 people suspected of stealing 125m roubles from bank customers in Russia .
The latest research on the Win32 Carberp gang and the technicalities and evolution of the malware, as presented at CARO 2012.
Group-IB's joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.
"Win32/Carberp: When You're in a Black Hole, Stop Digging" aggregates most of our published material on Carberp into a single resource.
This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.
This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family.
In their presentation “Cybercrime in Russia: Trends and issues” at CARO2011 -- one of the best presentations of the workshop, in my unbiased opinion ;-) -- Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov mentioned the Win32/Hodprot malware family, which seems to be undergoing something of a resurgence.
... I haven't recently posted any pointers to our content on SC Magazine's Cybercrime Corner, and now might be a good time to recap on what Randy and I have been posting there this month (so far...) ...
My Russian colleague Aleksandr Matrosov reports that this week he received an interesting sample from forensic investigation specialists Group-IB. The threat in question is detected by ESET products as Win32/Sheldor.NAD, and coverage by other vendors is reasonable: see http://www.virustotal.com/file-scan/report.html?id=9f3ff234d5481da1c00a2466bc83f7bda5fb9a36ebc0b0db821a6dc3669fe4e6-1294926672. The interesting feature of this sample is that it uses the TeamViewer 5.0 standalone component to effect remote control of the
...behaviour like this has been observed in other versions of Zeus. The really interesting discovery in this case is associated with the way in which these samples search for logical devices attached to an infected computer....