June 26, 2013
Now, here’s a “free for all” in both meanings of the term with every cybercriminal hopeful from nine to ninety, with a skill level marginally above Luddite, going into the online bank-robbery business. It’s like Pandora opening the box and giving it a swift kick to get the ills of the world moving faster.
It appears the Carberp cybergang had some sort of falling out. So, instead of using Carberp to rob financial institutions themselves, some members decided to make money by selling the code online. Accounts differ on how much was charged. The Bootpocalypse’s blog – Hey, if Kim Kardashian and Kanye West can name their kid North (North West), why not The Bootpocalypse? – says until recently “it was still widely believe(d) to be only in the hands of people with $50k to spare.” Other sources put the figure closer to $5k.
Now, evidently, the price is ZERO. Following is The Bootpocalypse’s account of how quickly the Trojan is transitioning to the “public domain.” Note, we have not edited The Bootpocalypse’s grammar or spelling.
By that same evening the rar file i had been given (apparently from a private board) had been posted on exploitin, a fairly easy to access Russian community, however the password was not posted.
Some time between the exploitin thread being posted and this morning, the rar password was revealed, on the same forum, but the post required members to have 150 posts in order to view.
About an hour ago a slightly incorrect version of the password is posted on darkode, an invite only English community, by someone from exploitin.
Less than 5 minutes after the darkode post, the password is posted twice on trojanforge, both times the thread is removed withing a few seconds.
[Added 22:20 UTC]: Corrected rar password has been posted on darkode.
[Added 22:39 UTC]: Password was just posted on public forum along with link to rar.
As of now it appears a much larger amount of public forum members have access to the source. Although the leak still seems fairly under control, the correct password has not yet been posted on any public boards, it looks as if we can expect a public leak in the next few hours. Password + rar has been posted in public for the first time. My predictions for the week ahead are strong winds, with a chance of bootkits and apocalyptic firestorms.
The news did indeed get worse. Andreas Baumhof, chief technology officer of ThreatMetrix and an internationally renowned cybersecurity expert, observed, “Everybody can find the 1.8GB Carberp file which is password encrypted. You can easily find the password for it on Twitter as well. Every little wannabe fraudster can now build sophisticated Trojans.”
To quote the famous forties actress Bette Davis, “Fasten your seat belts. It’s going to be a bumpy ride.” (For you nit-pickers, we know the quote is “going to be a bumpy night.” But, somehow, the often-used misquote says it perfectly.)
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Carberp, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Device Detection, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Identity theft, Malware, Malware Protection, MitB, Mobile fraud, Online Fraud, ThreatMetrix, ThreatMetrix Cybercrime Protection Platform, ThreatMetrix Global Trust Intelligence Network, Trojan, Web Fraud