Citadel Banker Trojan Growing and Proliferating Fast
A new piece of malware named Citadel, which evolved from the earliest and extremely well-known Internet-banking Trojan, ZeuS, is reportedly spreading widely across users' computers. In late 2010 the creators of ZeuS abandoned their creation, and some months later someone leaked the Trojan's source code on the Internet, said security researchers from Seculert, a cyber-threat management company. CIO IN published this on February 10, 2012.
Essentially, once the ZeuS code was exposed, other Trojans such as Ice IX and, thereafter, Citadel were easily developed. Seculert said that its research laboratory discovered the first indications of the Citadel botnet on December 17, 2012. Since then its development and use have been growing fast, the company continued. SmartNews published this on February 10, 2012.
Also, ever since the ZeuS source code was exposed during 2011, the controllers of Citadel have been very active, in particular introducing new features and modules to the malware. This likely suggests a tendency for open-source malware to evolve.
The advantage of open-source malicious programs is their rapid development. Recently, twenty separate Citadel botnets were noted, using different versions of the malware. Moreover, Citadel has infected over 100,000 PCs.
Incidentally, what is most interesting about the malware is its development process, which resembles that of group-backed projects built from open-source modules. According to Seculert, just like genuine software development firms, the creators of Citadel offer their clients Release Notes, a User Manual and a License Agreement. PCWorld published this on February 9, 2012.
Further, every edition of Citadel has added to its features and modules, a few of them even coming from the Citadel clients. One such feature is AES encryption, whereby a client can freely decide whether to encrypt the malware's configuration file or the communication with the remote command-and-control server using AES and RC4 encryption. Another feature is a video recording facility, whereby clients can record video of activity on the infected PC, provided the victim goes to one particular website.
Lately Brian Krebs, too, said that Citadel, which originates from ZeuS and is being promoted on many members-only web platforms for hackers, is one more software-as-a-service (SaaS) malicious program.
» SPAMfighter News - 15-02-2012