Malware Developers Focusing on Open Source Model

According to the security company 'Symantec,' developers of malicious software are focusing their attention on the model of open source to use old Trojan programs more intensely.

A lot of malicious codes authors are currently offering their codes in a Trojan market whose 10% share has become an open source for its participants, state threat researchers at Symantec.

As malware developers anticipate expanding the old Trojans' potentialities, they are allowing criminal code writers to have an easy access to malicious programs that steal financial and other personal information.

Candid West, Symantec's threat investigator, states that the advantages of above move are that there will be many people engaged in developing Trojans' capabilities. For instance - a person who deals with cryptography can put in a cryptographic type of plug-in or someone who performs video-streaming can put in a desktop's remote streaming, as reported by CNet News on September 18, 2009.

Making Trojans open source was first attempted in 1999 when a group named 'Cult of the Dead Cow' published Trojan Back Orifice's source code.

Lately, the authors of Trojan 'Limbo' released the malware's source code in a bid to boost take-up after fraudsters had reduced its use.

Soon after the source code was released in 2007, there was a widespread use of Trojan 'Limbo' worldwide but its use declined in 2008 as the relatively much more advanced 'Zeus' Trojan was released, reveals RSA another security firm.

Security analysts said that a dominant Trojan had a huge monetary incentive, as the infection it did to computers and the personal confidential information it seized value several million dollars. Earlier the Trojan Limbo kit had been traded to cyber criminals for $350 before it became open source, whereas Trojan Zeus currently sells for $1,000-$3,000.

RSA further stated that although there was an effort to go open source, it hadn't reversed the flow of Limbo's declining fortunes. The effort implied advancing towards a business model, which was identical to the one responsible for any project involving open source. This business model include - supply of certain fundamental form followed by the sale of more sophisticated editions, customizations or professional services.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 10/9/2009