What is good for the goose, is good for the gander, right? Open source has been so successful in giving us software like Linux, Apache, Hadoop, etc., why wouldn't the open source method work with other types of software? Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have. According to this report from Seculert Research, the makers of Citadel, a variant of the Zeus Trojan are using open source models to hone their code and make the Trojan more dangerous.
Not only open source, but the Citadel creators are also deploying it from a SaaS model and using a CRM type of system with forums and message board to communicate with the consumers using the Trojan to commit criminal activity. You have to hand it to these guys, they are using cutting edge techniques to make their product better. Too bad they don't put this much effort into a legitimate business, but then again they probably wouldn't make as much money.
The story around Citadel was originally broke by my friend Brian Krebs on his Krebs On Security blog. The developers behind Citadel reached out to consumers of malware Trojans who had grown frustrated with the lack of support from the folks creating these trojans (I am not kidding, they want support and maintenance for their viruses). Citadel is based on the venerable Zeus Trojan that was originally open sourced last year.
Now users of Citadel can request functionality, donate modules, beta test and help each other with support questions thanks to the system Citadel has set up. This has resulted according to Seculert is Citadel adding:
All of this innovation has also been done at a faster rate to. It seems the opens soure model is serving as an evolutionary catalyst. But it gets even better, using the Citadel Trojan, users get a License, Users Manual and release notes. Some legitimate software companies don't do that good a job. Again it is a shame that they are doing all of this for a nefarious purpose.
According to the Seculert folks with the success of the Citadel system, we may see more open source models being deployed in the malware world. But hey why think only the good guys would have a monopoly on open source.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.