According to a blog post by RSA cybercrime and online fraud communications specialist Limor S. Kessem, the cybercriminals behind the Carberp Trojan are now offering the malware online for usage fees of $2,000 to $10,000 per month, or as a full kit for $40,000. "At no point in cybercrime history has any developer asked such price for a banking Trojan," Kessem writes.
"The high price tag, Kessem said, is a deterrent to anyone buying the kit as a whole, customizing it and selling off variants," writes Threatpost's Michael Mimoso. "After some members of the Carberp gang were arrested earlier this year in Russia, the gang pulled back its efforts. 'They’re willing to sell some, but for the most part they want to be private and careful,' Kessem said."
"The new bootkit has been found to integrate parts from the Rovnix Trojan -- a threat that infects the Volume Boot Record (VBR) -- and it has been linked to the notorious BlackHole exploit kit," writes Softpedia's Eduard Kovacs. "It’s uncertain whether there’s a connection between the gangs that provide these malicious elements but, as ... Kessem highlights, it’s clear that the Carberp group is determined to increase its profits."