Masters behind the Carberp botnets are now under arrest and facing charges.
As expected, the number of infected devices dropped right after each series of arrests, but for the time being, the number of impacted computers is still high, said researchers at IT security company ESET.
Carberp first came to light in 2009 when a group started using it to steal sensitive information. At the time, the malware wasn’t as sophisticated as the updated variants. The old version mainly relied on legitimate remote access software.
In 2010, a second organization began its activities and in the summer of 2011, the biggest botnet based on Carberp came to life. A few months later, the Trojan improved to incorporate a bootkit.
By the end of 2011, mass infections started coming from hijacked websites. Each of these versions came with new features and improved mechanisms such as a smartcard detection functionality.
Starting in March 2012, law enforcement agencies managed to apprehend the individuals that coordinated the massive operations. At the end of June police arrested a man suspected of running the largest banking botnet in the world (4.5 million computers).
The figures provided by ESET’s Live Grid show after each series of arrests, the number of detections slightly dropped, but the number of infected machines is still high, compared to the past years.
“All the Carberp botnet organizers have been arrested, but our statistics aren’t showing a big drop in detections. The Russian region leads as before for Carberp detections and after the arrests it showed a brief dip,” said Aleksandr Matrosov of ESET’s Security Intelligence Team Lead.