CSO - With the previously $40,000 Carberp Trojan's source code now freely available, experts expect exceptionally destructive variants of the malware to flow onto the Internet.
Carberp-based malware is expected to take advantage of the bootkit module packaged with the code, making the variants unusually difficult to remove. When an infected computer is turned on, the bootkit driver is the first to load, giving the criminals behind the malware control over any other software.
"The bootkit gives a significant improvement to the malware," Etay Maor, manager of Trusteer's fraud prevention solutions, told CSO on Wednesday. "It helps it stay covert on the computer and it helps it stay persistent. It's really hard to get rid of it."
Researchers discovered this week an online forum that had a link to a hosting site where an archive file containing the source code and bootkit could be downloaded. Security experts who follow the Carberp gang, most from Ukraine and Russia, believe infighting led to the code release.
