Search This Blog

Showing posts with label Carberp. Show all posts

Hacking the Hackers :Carberp Panel vulnerable to Remote Code Execution

Recent Carberp source code leak gave an opportunity for researchers to investigate the bootkit and other components of the Trojan.  While everyone are looking at the source code of malicious parts, a security researcher has shown an interest in investigating the Panels source code.

Steven K, a security researcher from France, who is running the xylibox blog, has discovered a two security vulnerabilities in the Carberp's Panel -  IP Spoofing and Remote Code Execution.

Remote Code Execution is one of the critical security bug that allows hackers to inject and execute commands in the vulnerable server.

Vulnerable code

Researcher found the "data" parameterer in the post request is vulnerable to Remote Code Execution vulnerability.  He has also made a Proof-of-concept code to exploit the vulnerability.

He successfully exploited the bug and compromised the Database Username, password and Auth Key.  The bug also allows you to run the "wget" command to download the backdoor.

The code apparently shows the cybercriminals who is behind the Carberp Trojan are not good in secure web application coding compared to Malware coding.

Six more Carberp scammers arrested by Russian Authorities

Russian Authorities arrest six more individuals on suspicion of being involved in the 'Carberp' scam.

The gang used Carberp and Hodprot malware to commit online banking fraud. It is believed that the gang stole more than 110 million rubles (2.5 million EUR or $3.2 million) from the clients of Sberbank and other banks.

The arrest follows the similar crack down by Russian Authorities in March , arrested 8 members.

Authorities have detained the cybercriminals with the aid of Group-IB, a Russian security firm that specializes in computer crimeinvestigations and computer forensics.

Russian cops arrest 8 in notorious Carberp Banking Trojan case

Russian police arrest eight individuals in Moscow on suspicion of making millions in electronic banking fraud with a Banking trojan known as 'Carberp' . The arrested suspects include two unnamed brothers, aged 29 and 32, whom Russian cops believe to be the ringleaders of the gang.

According to the MVD statement, the hackers made more than 60 million roubles(£1.3m) with their trojan. Apparently, the hackers rented an office in Moscow, pretending to be a legitimate IT company.

"Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialised banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infection," said Ilya Sachkov, CEO of Group-IB, a security firm that helped investigate the gang's attacks.
During the raid in the suspects' home and office, The police had recovered numerous ATM cards, forged documents and 7.5 million roubles (about £162,000) in cash.

Suspects face charges for various offences including 'Illegal access to computer information','malware distribution' and theft. If they are convicted, they will face charges punishable with 10 years in prison