Citadel Banking Malware Evolving, Spreading Rapidly


A computer trojan targeting online banking software is rapidly spreading and evolving thanks to the open source development model being utilized by its creators.

Called Citadel, the new piece of malware is based on ZeuS, one of the oldest and most popular online banking Trojans. ZeuS was abandoned by its creator in late 2010, and its source code leaked online a few months later.

Since its public release, the ZeuS source code has served as base for the development other Trojans, including Ice IX and now Citadel.

“Seculert’s Research Lab discovered the first indication of a Citadel botnet on December 17th, 2011,” the security company said Wednesday in a blog post. “The level of adoption and development of Citadel is rapidly growing.”

Seculert has identified over 20 botnets that use different versions of this Trojan. “Each version added new modules and features, some of which were submitted by the Citadel customers themselves,” the company said.

The most interesting aspect of Citadel is its development process, which is similar to the ones behind community-supported open source projects. “Similar to legitimate software companies, the Citadel authors provide their customers with a User Manual, Release Notes and a License Agreement,” Seculert said.

Like its parent, Citadel is sold as a crimeware toolkit on the underground market. The tookit allows fraudsters to customize the Trojan according to their needs and command and control infrastructure.

However, the Citadel authors went even further and developed an online platform where customers can request features, report bugs, and even contribute modules.

So is a new trend in malware being seen? Seculert believes it is.

The security company believes that the success of this Trojan could drive other malware writers to adopt the open source model. “This recent development may be an indication of a trend in malware evolution,” Seculert said.

Enhanced by Zemanta
Advertisements

About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost which you will discover rather quickly. As for sports I am a huge fan of the Green Bay Packers.

Posted on February 15, 2012, in attacks, botnets, Cybersecurity, Hacking, malware, Security breach and tagged , , , , , , , . Bookmark the permalink. Comments Off on Citadel Banking Malware Evolving, Spreading Rapidly.

Comments are closed.

%d bloggers like this: