Carberp

The original version of Carberp was something of a typical Trojan. It was designed to steal users’ sensitive data, like online banking credentials or username-password combinations for other high-value sites. Carberp relayed the information it stole back to a command and control (C&C) server under its creator’s control. Simple and straightforward. The only tricky component was the complicated rootkit functionality, allowing the Trojan to remain unnoticed on the victim’s system. The next generation of Carberp added plug-ins: one that removed anti-malware software from infected machines and another that tried to kill off other pieces of malware should they exist.

Things got more interesting when its maintainers gave their trojan the ability to encrypt stolen data as it passed between affected machines and their C&C server. According to researchers, Carberp represented the first time that a piece of malware used a randomly generated cryptographic cipher rather than a static key.

At one point, Carberp started working in conjunction with the notorious Blackhole exploit kit, generating an enormous uptick in infections. All was going well for Carberp and its authors. They had even managed to develop a Carberp module targeting Facebook users that tried to trick them into handing over e-cash vouchers as part of a ransomware-type scam.

From there, things went downhill a bit. Russian authorities nabbed eight men believed to be responsible for controlling the malware, but Carberp did not die. Since then there has been no shortage of Carberp sabotage attempts and arrests. At one point, criminals seeking to deploy the tool had to pay $40,000 for access to it; that lasted until its source code was released last year, giving nearly anyone with enough know-how access to the Trojan.