Inside Carberp botnet

Jump to navigation Jump to search

(Publication) Google search: [1]

Inside Carberp botnet
Botnet Carberp
Malware Carberp (bot)
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2011 /
Editor/Conference Malware Intelligence
Link (Archive copy)
Author Francisco Ruiz


Carberp traces its beginnings to early 2010, but has not been until the last months of the year in question when he jumped alert antivirus companies, after discovering some mechanisms used until then by a new malware.

This window of time, which enjoyed the malicious code associated with the botnet Carberp means, essentially, that has been operating for months with a very low detection rate. Even just a few of its features did warn some antivirus products Zbot confusing activity with the ZeuS trojan.
Carberp was filed in February 2010 as a trojan-downloader, which led to mid-September that this malware was listed as a trivial downloader designed to automate the process of downloading another piece of malware, when in fact it had become a very real threat complex.
On the other hand, Carberp is private and will not have any information on how to acquire the crimeware, which is evident in the few C&C has, and undoubtedly, this categorization of "resource criminal private" kept him, and yet does today, away from the detection rates.
This document presents a detailed description of each piece that integrates the criminal chain that is generated through Carberp. From their different generations, through the internal components to the marketing process Malware Kit.


 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2011BFR812,
   editor = {Malware Intelligence},
   author = {Francisco Ruiz},
   title = {Inside Carberp botnet},
   date = {22},
   month = Jun,
   year = {2011},
   howpublished = {\url{}},