Malware authors get social to improve cyber attacks

Security researchers have found that cyber criminals are offering their attack tools in a software-as-a-service (SaaS) model, and creating social networks to build communities around their products to help suggest new features and find bugs.

Researchers at cyber threat management firm Seculert found that malware developers had in effect created a new customer relationship management (CRM) platform.

"[The cyber criminals] created a social network that enables their customers to suggest new features and modules to the malware, report bugs and other errors in the system, comment and discuss related issues with fellow customers.

"This CRM platform has explosive potential, as it harnesses the accumulative knowledge and resources of its cyber community," the company said.

Seculert found this methodology was used to develop the new Trojan called Citadel. Citadel evolved out of the infamous Zeus Trojan.

Promoting their Trojan, Citadel's developers claim to offer better after-sales support than most competitors in the malware marketplace.

"It's no secret that the products in our field – without support from the developers – result in a piece of junk on your hard drive. Therefore, the product should be improved according to the wishes of our customers," wrote the malware developers in a posting seen by security researcher Brian Krebs.

One feature of the Citadel Trojan is that infected computers are unable to visit websites belonging to cyber security vendors, thereby blocking access to anti-virus (AV) products and updates to existing AV tools.

Features such as this are part of the software thanks to the suggestions from the underworld social network created around the product, and contributions from other open-source malware developers.

Seculert said that more malware authors may choose to open up their code to the wider hacking community, embracing the open-source model of software development.

"The cybercrime world is characterised by rapid development, cutting-edge technology, and hackers' constant cravings for recognition."