Last week the source code for the “Carberp” botnet creation kit was posted online and released to the masses, creating a serious problem for security teams around the world.
Carberp is sophisticated, modular and persistent malware. It uses advanced obfuscation techniques to evade detection and removal, and it can disable anti-virus software. It also gives malware developers the ability to customize the malicious package both statically and dynamically, the latter via a remote command and control server.
Together, these factors make it extremely difficult to detect and eradicate, particularly because they allow the malware to adapt to its environment.
The security community expects a number of copycat malware families to be built from this kit. The original Carberp botnet netted its operators $250 million across Russia and Ukraine.
Although the original botnet ring has been arrested, the code lived on and became more sophisticated. Originally sold for $40,000, the majority of the code is now available in several places online.
The infographic above shows an overview of Carberp’s lifecycle once it infects a system. Given the modular and customizable nature of the kit, the malware can be modified to use different plugins and other attack methods, and more sophisticated versions are expected in the wild soon.
Title image courtesy of ShutterStock