14 DAY TRIAL // RSA experts learned that the developers of the notorious Carberp Trojan are selling and renting their creation for anyone who wants to make a profit through cybercriminal methods.
While some malware developers have decided to offer their creations only to select customers in order to avoid being tracked down by law enforcement, others decided to offer their crime kits to anyone who’s willing to pay.
Carberp, or Syscron, has been around since June 2010. At first, its creators were using it only for their own malicious purposes, but in February 2011 they decided to sell the kit for $10,000 (€8,000), a price that well exceeded the one of ZeuS or SpyEye.
After selling it to a number of cybercriminals, they decided to pull it off the market and only continue to provide support for existing customers. However, that promise wasn’t kept and everyone thought that Carberp had disappeared.
Now, the creators have apologized for losing contact with their customers and they’ve come forward with a new version which they’re currently selling for $40,000 (€31,000). They’re also renting it for monthly fees ranging between $2,000 (€1,500) and $10,000 (€8,000).
Customers can choose to buy the new and improved bootkit version or they can purchase updates for the old variant.
The new bootkit has been found to integrate parts from the Rovnix Trojan – a threat that infects the Volume Boot Record (VBR) – and it has been linked to the notorious BlackHole exploit kit.
It’s uncertain whether there’s a connection between the gangs that provide these malicious elements but, as RSA cybercrime and online fraud communications specialist Limor Kessem highlights, it’s clear that the Carberp group is determined to increase its profits.
“Albeit available to all, the high price tag on Carberp’s more sophisticated features will likely prove to be too out of reach for common cybercriminals,” Kessem wrote.
“Although Fraud-as-a-service is known to lower the barrier for entry and makes life easier for newbie fraudsters, this latest version of the Carberp Trojan may confirm that the highest levels of cybercrimeware are still reserved for the elite and privileged few; malware does not come with an installation wizard—yet.”