Source code for Carberp security threat leaks into the wild
Security is a big business on both sides of the line. Anti-virus companies scare customers with doom and gloom if you do not buy the wares, meanwhile, on the black-hat side of the fence, the sale of exploits is a lucrative trade. Now the source code for one of the biggest exploits, known as Carberp, has leaked and cut off reported sales that top $40,000.
Security researcher Peter Kruse from CSIS says that the firm has been "investigating this further and now confirms that we have the complete source code for Carberp and that the code compiles and works just as descripted in the associated text files included in the package".
A similar event occurred when the ZeuS source code leaked back in May, 2011. With Carberp, the leak came from within, as a member of the team announced on an underground forum that he is willing to sell the source code for the Trojan program and its additional components for $5,000 -- quite a bargain basement price.
Carberp has largely been used to attack online banks in Russia, Ukraine, Belarus, Kazakhstan, Moldova and other former Soviet Union states. However, the attacks have just migrated to the United States and Australia.
Most are familiar with the old phrase "there is no honor among thieves". This latest story only goes one step further in confirming the old adage.