8 Men suspected of being involved in the Carberp phishing scam have been arrested in Russia. The men were arrested after a joint investigation by the Russian Ministry of Internal Affairs (MVD) and Federal Security Service (FSB).
According to the MVD, the investigation found that two brothers were the ringleaders of the gang, and developed a plan to steal money from the accounts of online banking customers. The eight suspects allegedly stole more than 60 million Rubles ($2 million) from 90 victims using the Carberp Trojan.
Russian security firm who assisted with the investigation, pegged the stolen loot at 130 million Rubles ($4.5 million). Police confiscated computers, bank cards, notary equipment, fake documentation, and more than 7 million Rubles ($240,000) in cash during the raid.
The gang used the Carberp and RDP-door Trojans to snare victims. Carberp is a well-known Trojan that was recently seen on Facebook as part of a scam where attackers notify Facebook users that their accounts are temporarily locked. All they had to do to get them back was provide their first and last names, email addresses, dates of birth, passwords, and a 20-euro Ukash voucher.
The suspects will be accused of creating, using and disseminating of harmful computer programs, theft and illegal access to computer information and, if convicted, could be jailed for up to 10 years.
In addition to bank fraud, the gang was also involved in distributed denial-of-service attacks, the security firm found.