There was a firesale of the Carberp code the week of June 17th - apparently (as far as I understand) one of the members of the Carberp cyber-crime gang began selling the code without the authorization of his partners in crime. At the height of the sale I read that that going price was $50k. But then a week later the code was leaked (the RAR containing the kit was being distributed on various underground hacker community sites, but did not include the password until about a week ago when that was then posted.)
I guess the archive is about 5GB in size and allegedly contains the commented source code for Carberp and all of its modules, including the bootkit ones; the source code for the administration panel used on Carberp command-and-control servers; exploits for two Windows privilege escalation vulnerabilities that have been patched in 2012, CVE-2012-0217 and CVE-2012-1864; and so-called “Web inject” scripts that allow the malware to interact with different online banking websites.
I know this is "old news" at this point, but I haven't seen it yet here so thought it would be a good first post!