Citadel banking malware is evolving and spreading rapidly, researchers warn
The open-source development model is helping Citadel's creators patch bugs and add features faster
IDG News Service - A computer Trojan that targets online banking users is evolving and spreading rapidly because its creators have adopted an open-source development model, according to researchers from cyberthreat management firm Seculert.
Called Citadel, the new piece of malware is based on ZeuS, one of the oldest and most popular online banking Trojans. ZeuS was abandoned by its creator in late 2010 and its source code leaked online a few months later.
Since its public release, the ZeuS source code has served as base for the development other Trojans, including Ice IX and now Citadel.
"Seculert's Research Lab discovered the first indication of a Citadel botnet on December 17th, 2011," the security company said Wednesday in a blog post. "The level of adoption and development of Citadel is rapidly growing."
Seculert has identified over 20 botnets that use different versions of this Trojan. "Each version added new modules and features, some of which were submitted by the Citadel customers themselves," the company said.
The most interesting aspect of Citadel is its development process, which is similar to the ones behind community-supported open source projects. "Similar to legitimate software companies, the Citadel authors provide their customers with a User Manual, Release Notes and a License Agreement," Seculert said.
Like its parent, Citadel is sold as a crimeware toolkit on the underground market. The tookit allows fraudsters to customize the Trojan according to their needs and command and control infrastructure.
However, the Citadel authors went even further and developed an online platform where customers can request features, report bugs and even contribute modules.
While analyzing different Citadel versions that were released in rapid succession, Seculert's researchers spotted improvements like the use of AES encryption for configuration files, the blocking of antivirus websites on infected computers, the blocking of automated botnet tracking services and the addition of remote screen video recording capability.
The security company believes that the success of this Trojan could drive other malware writers to adopt the open-source model. "This recent development may be an indication of a trend in malware evolution," Seculert said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts