Citadel Trojan: Open-Source Malware Community Adds Customer Care

The developers of Citadel, a new variant of the infamous Zeus Trojan, have adopted Software-as-a-Service (SaaS) and open-source models, allowing them to create malware with advanced features.

According to a report on the Seculert blog, the team of developers went as far as creating a dedicated social network, which enables other cybercriminals to suggest new features and modules for the malware, report bugs and other errors in the system, and even comment on and discuss related issues with fellow “customers”.

Organising crime

Since the Zeus source code went public in 2011, the Citadel community has become very active and has started contributing new modules and features to the malware.

Seculert’s Research Lab discovered the first indication of a Citadel botnet on 17 December, 2011. The level of adoption and development of the Trojan is rapidly growing and, since then, Seculert has identified over 20 different Citadel botnets.

Each successive version has added new modules and features, some of which were submitted by the Citadel customers themselves, including improved encryption, better tracker avoidance, and trigger-based video recording.

One of the most worrying features is a security vendor blacklist, which means that, once infected, the computer will be unable to download anti-virus software or updates.

Similar to legitimate software companies, the Citadel authors provide their customers with a user manual, release notes and a licence agreement.

In an online posting, discovered by security blogger Brian Krebs, Citadel’s developers claimed: “It’s no secret that the products in our field — without support from the developers — result in a piece of junk on your hard drive. Therefore, the product should be improved according to the wishes of our customers.”

Several experts agree that the open-source model may be the next growing trend in cybercrime. If this turns out to be true, the IT sector might have to deal with cutting-edge, constantly evolving malware, designed by hundreds of people. And that is not a great prospect.

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
