Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Citadel banking malware is evolving and spreading rapidly, researchers warn

The open-source development model is helping Citadel's creators patch bugs and add features faster

A computer Trojan that targets online banking users is evolving and spreading rapidly because its creators have adopted an open-source development model, according to researchers from cyberthreat management firm Seculert.

Called Citadel, the new piece of malware is based on ZeuS, one of the oldest and most popular online banking Trojans. ZeuS was abandoned by its creator in late 2010 and its source code leaked online a few months later.

Since its public release, the ZeuS source code has served as base for the development other Trojans, including Ice IX and now Citadel.

"Seculert's Research Lab discovered the first indication of a Citadel botnet on December 17th, 2011," the security company said Wednesday in a blog post. "The level of adoption and development of Citadel is rapidly growing."

Seculert has identified over 20 botnets that use different versions of this Trojan. "Each version added new modules and features, some of which were submitted by the Citadel customers themselves," the company said.

The most interesting aspect of Citadel is its development process, which is similar to the ones behind community-supported open source projects. "Similar to legitimate software companies, the Citadel authors provide their customers with a User Manual, Release Notes and a License Agreement," Seculert said.

Like its parent, Citadel is sold as a crimeware toolkit on the underground market. The tookit allows fraudsters to customize the Trojan according to their needs and command and control infrastructure.

However, the Citadel authors went even further and developed an online platform where customers can request features, report bugs and even contribute modules.

While analyzing different Citadel versions that were released in rapid succession, Seculert's researchers spotted improvements like the use of AES encryption for configuration files, the blocking of antivirus websites on infected computers, the blocking of automated botnet tracking services and the addition of remote screen video recording capability.

The security company believes that the success of this Trojan could drive other malware writers to adopt the open-source model. "This recent development may be an indication of a trend in malware evolution," Seculert said.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: AES, Citadel
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: malware, security
Latest Blog Posts
Whitepapers
  • Spear Phishing Attacks - Why they are successful and how to stop them
    There's been a rapid shift from broad, scattershot attacks to advanced target attacks that have had serious consequences for victim organisations. The increased use of spear phishing is directly related to the fact that it works, as traditional security defences simply do not stop these types of attacks. This paper provides a detailed look at how spear phishing is used within advanced attacks and the key capabilities organisations need in order to effectively combat these emerging and evolving threats.
    Learn more »
  • Virtual Certainty - Best Practices for Gaining Monitoring Clarity in VMware Environments
    The benefits of virtualisation are unassailable: increased agility, scale, and cost savings to name but a few. However, so too are the monitoring challenges posed by these environments—including complexity, lack of visibility and control, and inefficiency. This white paper reveals the best monitoring practices to employ in virtualized environments—best practices that are essential in enabling organizations to overcome their monitoring challenges so they can get the most business value from their virtualisation investments.
    Learn more »
  • Top 5 Myths of Safe Web Browsing
    There are a lot of misconceptions out there about safe web browsing. You might think you're being safe. But without the facts it’s next to impossible to stay protected against today’s changing threats. In this paper we describe the top five myths of safe web browsing, what the facts really are, and what you can do to stay secure.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.