Carberp Botnet Lifecycle Infographic

Tuesday, July 02, 2013

Tripwire Inc


Posted by Ken Westin

Last week the source code for the “Carberp” botnet creation kit was posted online and released to the masses, creating a huge problem for security teams around the world.

Carberp is sophisticated, modular and persistent malware that uses advanced obfuscation techniques to evade detection and removal, and that is able to disable anti-virus. It also offers malware developers the ability to customize the malicious package statically as well as dynamically via a remote command-and-control server.

Together, these factors make it extremely difficult to detect and eradicate, particularly as they allow the malware to adapt to its environment.

Carberp Infographic: How Carberp Works

The security community expects a number of copycat malware applications to be deployed from this kit. The original Carberp botnet netted its users $250 million throughout Russia and the Ukraine.

Although the original botnet ring has been arrested, the code continued to live on and become more sophisticated. Originally selling for $40,000, the majority of the code is now available in several places online.

The infographic above shows an overview of Carberp’s lifecycle once it infects a system. Given the modularity and customizable nature of the kit, the malware can be modified to utilize different plugins and other attack methods, and it is expected that more sophisticated versions will be in the wild soon.

Cross Posted from Tripwire's State of Security

Sheila Santos Thanks, I enjoyed the article and the infographic, very informative.
Kim kim
This was an excellent article. It has valuable content on this subject. Thank you for compiling it afterwards in an easy-to-read, well-written format.
akikah tangerang The best way for a merchant to be safe is to consult a QSA after buying the solution. With all of the changes in the payment industry right now, it's better to be safe than sorry.
Kaka Lex I actually rather like this
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.