The Carberp Code Leak

The source code for Carberp, reportedly selling for $40,000 a pop, is now out. A report of its leak started spreading a week ago and RSA FirstWatch were able to confirm through our own digging and research that the code is really available online. As days gone by, the link where to access the source code has been spreading like wildfire.


The Assembly Line Approach to Creating Malware

Most kits, especially those that use time as a seed, can produce infinite amount of malware samples. As long as time exists, these kits will produce unique malware samples. Each sample creation is then subjected to different kinds of armoring tools. Each of these armoring tools add a level of difficulty when analyzing and reversing malware but most importantly it adds different protective mechanisms designed to evade security solutions such as anti-sandboxing techniques, encryption, benign program binding/joining, and many more to the DiY kit created sample. After going through different armoring tools, the samples are then QA’ed to ensure any security products do not detect it. This is the final step of the process. The result is an army of armored malware.