The source code for the notorious Carberp banking malware toolkit, which used to change hands for tens of thousands of dollars, has been leaked, security researchers are warning.
Earlier this year, would-be cyber-crooks were being charged around $40,000 to buy, or up to $10,000 a month to rent, the Carberp source code.
However, last week Andrey Komarov from Russian security firm Group-IB told tech news site The Register that the code was being hawked for as little as $5000 on underground forums, possibly because of internal disagreements within the team behind the malware.
Soon after news broke of the cut price deals, rumours began circulating that the Carberp code had been leaked. Another security firm, CSIS found the source code and the Carberp bootkit inside a password protected zip file. The password has also since been leaked.
Says CSIS's Peter Kruse: "As with the leakage of the ZeuS source code, back in May 2011, this means that IT-criminals have every chance to modify and even add new features to the kit."