In association with heise online

21 March 2012, 19:04

Carberp trojan generated £2.8 million


Eight individuals were arrested in Moscow yesterday (Tuesday) on suspicion of having made up to £2.75 million with a banking trojan. Known as Carberp and first sighted in autumn 2010, the trojan toolkit specialises in intercepting users' banking data and transferring it to a command & control server. The trojan also managed to bypass the User Account Control (UAC) technology that was introduced with Windows Vista.

The Russian intelligence service, FSB, arrested the men in a joint operation with Russian security firm Group-IB and the Russian Interior Ministry, MVD. According to a statement by the MVD, the hackers made over 60 million roubles with their trojan – about £1.3 million. The security experts mention a significantly higher amount: according to a statement by Group-IB, the Carberp haul amounted to 130 million roubles (£2.8 million) in the last quarter alone.

Apparently, the hacker group even rented offices in Moscow, pretending to be a legitimate IT company. During yesterday's raid, the investigating officers impounded numerous ATM cards, forged documents and 7.5 million roubles (about £162,000) in cash.

The MVD said that Carberp was deployed on victims' computers via drive-by downloads from infected web sites. In addition to the banking trojan itself, the malware also installed the RDPdoor backdoor (aka "Antavmu"), which added the compromised system to a botnet. Carberp intercepted victims' banking data in the browser and passed it on to the criminals. They then proceeded to transfer amounts of money to their own accounts, from where the money was withdrawn at ATMs by couriers.

The arrested individuals include two brothers, the older of whom has already been released on bail. The younger brother remains in custody because of a prior conviction for property fraud; the other six suspects have been placed under house arrest. They face charges for creating and deploying malware as well as theft and illegally accessing computer data. In Russia, these types of offences are punishable with 10 years in prison.

