Carberp gang arrested in Russia after victimizing Russians


The Russian Office of the Interior Ministry and the Federal Security Service (FSB) announced today the arrest of eight suspects connected with the distribution and use of the Carberp malware.

The men are accused of stealing more than 60 million Rubles ($2 million USD) from the bank accounts of more than 90 fellow citizens. The group was organized by two brothers, one 29 years old, the other 26, while the others involved appear to have been money mules or "cashers".

The older brother was released on a 3 million Ruble ($100,000 USD) bond, the younger brother was jailed in relation to earlier charges of real estate fraud, and the other six remain under house arrest.

Carberp has been associated with the Blackhole Exploit Kit in the past and was likely installed onto victim computers through drive-by installs exploiting unpatched Java vulnerabilities.

It appears the brothers would collect credentials for popular online banking sites in Russia and transfer funds from the victims to accounts they controlled. They would then send out the cashers to go to Moscow area ATMs to retrieve the cash.

To facilitate their activities the men rented office space in Moscow under the guise of a legitimate computer services company.

During the raid the police confiscated computers, bank cards, notary equipment and more than 7 million Rubles ($240,000 USD) in cash.

The men face up to 10 years in prison if convicted of the crimes. They are accused of illegal access to computer information, the creation, use and dissemination of harmful computer programs (malware) and theft.

I'm not sure if these guys have a sense of humor, but one of the variants analyzed by SophosLabs called home to its command and control servers at the domain fromamericawhichlov-DOT-com.

I suppose the most interesting bit is that it is illegal to create, use or disseminate malware in Russia. Considering the quantity of spam, fake anti-virus and other malicious content flooding victims daily that originates from Russian partnerkas, you would be forgiven if you thought it was allowed.

The lesson learned is don't target Russians if you want to commit bank fraud from Russia.


2 Responses to Carberp gang arrested in Russia after victimizing Russians

  1. Nebbish · 894 days ago

    Now if there were still a few old school gulags left in Russia for these folks, we'd all be happy.

  2. "gunner" · 893 days ago

    the comrades have been found to be suffering from a salt deficiency, da? there is a cure for that. a pick, shovel and wheelbarrow.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.