In an article on InfoSecurity, it has been reported that the Carberp bootkit malware source code has been leaked and is freely available online… this will certainly lead to many, MANY more variations of the threat. The leak followed a “fire-sale” of the source code last week.
The leaked package of source code contains the Carberp bootkit, Stone bootkit, Citadel, Ursnif and other malware sources.
David Harley (malware researcher at ESET) is quoted as saying “The availability of source code for sophisticated malware is never good news. We can probably assume that there’ll be an upsurge in bottom feeders taking the opportunity to create new variants, and in the short term that will test and stretch the heuristic capabilities of security software.”
Carberp is a data-stealing trojan that has primarily been used in the past for stealing banking information (ID theft). Its ability to be controlled and updated remotely makes it well suited for both botnet and targeted use. It is believed that an internal conflict within the gang behind the trojan bootkit led to the initial offer to sell the code for $5000, but that the conflict has since escalated, resulting in one member leaking the complete code to the entire internet.
“On the other hand,” added Harley, “it will also give labs that haven’t spent as much time dissecting it as my Russian colleagues a chance to catch up a bit. I’m hopeful that in the long term it will actually weaken the impact of the code, compared to the damage it did before law enforcement started to reel in the Carberp botnet organizers.”