July 11, 2013
I’m afraid I’ve got some bad news for those of us who do our accounts online: one of the most advanced viruses for attacking online banking is now free.
The malware – named Carberp – originally cost criminals $50,000 for a copy of its code, while the less affluent could rent it for between $2,000 and $10,000 a month. This changed a couple of weeks ago when Carberp’s code was released for free on a popular Russian hacking forum.
The release means that a huge swathe of criminals who previously couldn’t afford the code can now use it to attack people using online banking. This will undoubtedly cause a huge rise in the number of Carberp-related infections, and a big increase in the number of people who will become victims of cyber crime. One security analyst even likened the release to “giving a bazooka to a child”.
A similar situation occurred a few years ago, when another piece of banking malware – ZeuS – reappeared after its source code was made available. While the release of ZeuS’ code didn’t bring about the end of the internet, it did cause a spike in infections, and many new variants of the virus (some of which are still in the wild).
How the worldwide code release will affect the popularity of Carberp is unclear, but one thing is for certain: we should all be even more vigilant about our internet browsing habits over the next few weeks or months.
How to avoid the malware
Some simple (but effective) tips to stay safe are:
▪ Don’t visit unsafe websites, such as those offering free eBooks, music, TV shows or films
▪ Don’t click any advert that seems too good to be true, including anything that says “YOU ARE A WINNER”
▪ If you use P2P file-sharing or BitTorrent, be extra careful of what your downloads might hold
▪ Don’t open unsolicited emails
Finally, make sure your computer and virus protection are kept up-to-date. With the increased popularity of Carberp, expect Microsoft and anti-virus companies to be in a hurry to fix the security holes the malware exploits. If you don’t keep your computer up-to-date, then you’ll be just as vulnerable in a few years as you are now.
On the bright side…
There’s just one good thing to come out of this release – it seems that the author of the Carberp virus had his files stolen, rather than getting paid the $50,000 he wanted.
It’s believed this is what happened because the Carberp release also includes some private instant messenger conversations involving the author, as well as a bunch of other data – not information you would voluntarily disclose if it had been a proper release.
We’re not saying it’s karma for Carberp, but we hope he now has a better understanding of what it’s like to be stolen from.
Norman Safeground Blogs Archive