Carberp: it’s not over yet
(Publication) Google search: [1]
| Carberp: it’s not over yet | |
|---|---|
| |
| Botnet | Carberp |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | Carberp (opération) |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / March 26, 14:59 |
| Editor/Conference | Kaspersky lab |
| Link | http://www.securelist.com/en/blog/694/Carberp its not over yet (Archive copy) |
| Author | Vyacheslav Zakorzhevsky |
| Type | |
Abstract
“ On 20 March, Russian law enforcement agencies announced the arrest of a cybercriminal gang involved in stealing money using the Carberp Trojan. This is very good news, but unfortunately does not mark the end of the Carberp story.
Evidently, those arrested were just one of the criminal gangs using the Trojan. At the same time, those who actually developed Carberp are still at large, openly selling the Trojan on cybercriminal forums.
Here is a recent offer for the ‘multifunctional bankbot’, which appeared on 21 March:
A post advertising the sale of CarberpThere are still numerous ‘affiliate programs’ involved in the distribution of Carberp, particularly “traffbiz.ru”.
We detected a new Carberp distribution incident on 21 March. Infection was initiated at radio-moswar.ru, a website devoted to the MosWar online browser game.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR956,
editor = {Kaspersky lab},
author = {Vyacheslav Zakorzhevsky},
title = {Carberp: it’s not over yet},
date = {26},
month = Mar,
year = {2012},
howpublished = {\url{http://www.securelist.com/en/blog/694/Carberp_its_not_over_yet}},
}