This is a first for the Carberp programmers, which up to now had never distributed its malware to the public, alleged Limor Kessem, communications specialist and team leader for RSA Security’s FraudAction team.
The latest edition of the banking malware comes with strengthened data-stealing capabilities and the addition of the Rovnix bootkit and builder kit for a hefty $40,000 price tag. The Carberp update is already being distributed for the holiday season.
For fees ranging between $2,000 and $10,000, buyers can purchase the kit as a service, sans the builder and bootkit.
The addition of the Rovnix bootkit is an especially interesting twist in that it infects a computer’s volume boot record, giving it ring0 privileges and making not only difficult to detect, but clean up, Kessem said.
“This is more sophisticated and costly than other malware; we’ve seen no one charge $40,000 for malware. They don’t feel it’s an exaggerated price,” Kessem said. “We haven’t seen who’s buying it, but they believe there will be demand. You have to have resources and know-how to operate the malware. Malware doesn’t come with an install wizard. You have to have knowledge about systems and Windows internals; it’s not simple to do. Whoever buys this will have to know what they’re doing.”
