Citadel hackers to go quiet
Contributed by: Email on 07/02/2012 02:47 PM
Due to increased pressure from the possibility of prosecution, some malware authors are taking their malware off the market. Or perhaps they are just worried about market saturation. In either case, the makers of the Citadel malware are about to take it off the market.
Citadel has done its fair share of damage. The malware has been used in a variety of cases in the last few months, including the installation of a strain of ransomware called Reveton. In that instance, attackers were using Citadel in drive-by downloads to install Reveton, which was then locking up victims' computers and demanding a $100 fee to unlock them.
The malware, which is sold for several thousand dollars, has a community-type aspect. Users can communicate with the developers about feature requests, bugs and other issues. But the Citadel crew now appears to want to go quiet for a while.
"With law enforcement hot on their heels, developers of the Citadel Trojan, who recently communicated the release of a new version (v1.3.4.5), dropped the bomb. The team's spokesman declared that very soon their 'software' will no longer be publicly available through the underground venues where the team has traditionally marketed and sold Citadel. It appears that soon enough only existing customers will continue to enjoy Citadel Trojan upgrades and those wishing to purchase a new kit from the outside will have to get a current customer to vouch for them or be denied the product altogether," RSA Security officials said in a blog post.
Researchers have been on the trail of Citadel for some time now, as have law enforcement agencies. The ransomware scam that was installing Reveton earlier this year also was presenting itself as a warning from the Department of Justice about there being illegal content on the victim's machine. Law enforcement officials tend to take a dim view of criminals using their names as part of a scam, and that crew now has the attention of the DoJ, a career-limiting move.
The authors of Citadel, which is a derivative of Zeus, likely are not enjoying that attention.
"Malware developers working on criminal-popular projects like Citadel rightfully fear law enforcement. Their actions of developing, supporting and selling advanced crimeware make them an accessory to the crimes which can easily get them indicted alongside their botmaster customers. The more popular the banking Trojan becomes, the more banks and merchants push to have its developers and bot masters behind bars," the RSA researchers said.