There is welcome news today of the arrests of 8 individuals in Russia by the Russian MVD, or Ministry of Internal Affairs (Ministerstvo Vnutrennikh Del). Gary Warner (University of Alabama at Birmingham) has a great write-up of the arrests over on his blog, “Cybercrime and Doing Time”, so I will not reproduce the details here.
Having said that, I just wanted to point out that this is yet another great example of international collaboration between both private industry research and international law enforcement. I certainly hope that we see more of this in the future, such that serious Internet criminals do not think that they are outside the reach of the “long arm of the law”.
Cybercriminals should not think that they can successfully hide in any particular country or jurisdiction and avoid prosecution due to differences in international laws. This, and other recent arrests in Eastern Europe, shows that the international reach of law enforcement extends to them as well.
As mentioned in Professor Warner’s blog, Trend Micro Threat Research did quite a bit of research into CARBERP a couple of years ago, especially into the area of enumerating targeted victims. We saw victims in Government, Industry, and Academia all targeted, showing the wide swath of victims who unwittingly had funds stolen from their bank accounts.
CARBERP is a particularly nasty banking Trojan, with the capability to install itself without Administrator Privileges, effectively defeating Windows 7 and Vista’s User Account Control (UAC) feature.
While we have not seen the same volume and popularity of CARBERP as we have with ZeuS and SpyEye, since CARBERP’s appearance in the latter half of 2009 we have seen a steady increase in numbers (see Figure 1).
Also, our telemetry shows that almost a quarter of CARBERP infections were in Germany (see Figure 2).
We applaud the efforts and actions of the Russian authorities in this case, and we hope to see more international cooperative efforts to bring cybercriminals to justice around the world.