According to Ken: “Last week the Carberp Botnet Creation Kit source code was released to the masses creating a huge problem for security teams around the world.
Carberp is sophisticated, modular and persistent malware utilizing advanced obfuscation techniques to evade anti-virus, detection and removal. It also offers malware developers the ability to customize the malicious package statically as well as dynamically via a remote command and control server. Together, these things make it extremely difficult to detect and eradicate because it allows the malware to adapt to its environment.
This really is a bit of a doomsday scenario – everyone in the security space is scrambling to figure out how to defend against this malware.
The security community expects a number of copycat malware applications to be deployed from this kit. The original, less sophisticated botnet used was very successful and netted its users $250 million throughout Russia and the Ukraine. Although the original botnet ring has been arrested, the code continued to live on and has become much more sophisticated.
Even though Carberp was originally designed to steal banking credentials, the modular aspect of the code and the ability to download and create custom plug-ins make it freakishly easy for even unsophisticated attackers to successfully attack a wide range of targets. When this code is weaponized it can be used by hackers to launch DDoS attacks as well as a range of other malicious actions targeting your computer at home and enterprise networks everywhere. As if these problems aren’t serious enough, the Carberp command and control servers have been discovered to be riddled with their own vulnerabilities, creating a new level of complication. It’s very likely that unsophisticated attackers will leverage this malware to build massive botnets only to have them taken over by one or more third parties with their own malicious agendas.”
The infographic: "Tripwire Carberp Infographic"
Last week the source code for the “Carberp” botnet creation kit was posted online and released to the masses creating a huge problem for security teams around the world.
Carberp is sophisticated, modular and persistent malware that uses advanced obfuscation techniques to evade detection and removal, and that is able to disable anti-virus software. It also offers malware developers the ability to customize the malicious package statically as well as dynamically via a remote command and control server.
Together, these factors make it extremely difficult to detect and eradicate, particularly as it allows the malware to adapt to its environment.
The security community expects a number of copycat malware applications to be deployed from this kit. The original Carberp botnet netted its users $250 million throughout Russia and the Ukraine.
Although the original botnet ring has been arrested, the code has lived on and become more sophisticated. Originally sold for $40,000, the majority of the code is now available in several places online.
The infographic above shows an overview of Carberp’s lifecycle once it infects a system. Given the modularity and customizable nature of the kit, the malware can be modified to utilize different plugins and other attack methods and it is expected that more sophisticated versions will be in the wild soon.