Wednesday, September 3, 2014

Citadel Trojan Malware

  • Citadel promises a high level of customer service. A focal point of Citadel’s customer support is a portal called Citadel CRM (customer relationship management), where customers can propose new capabilities to be implemented.

Description

Authors of this malware have been aggressive in adding new features and fixing bugs in follow-on releases. Most recently, Citadel version 1.3.4.5 “Summer Edition” became available; it continues to add features that further differentiate Citadel from its Zeus origins.[1]
Citadel is an offspring of the popular Zeus crime kit whose main goal is to steal banking credentials by capturing keystrokes and taking screenshots/videos of victims’ computers. Citadel quickly became a popular choice for criminals. 

In order to get into business, the bad guys need a server hosted at a company that will turn a blind eye to their activities and also guarantee them some anonymity. Those hosting firms are for the most part located in countries like China or Russia. They can operate within their own jurisdiction so long as they do not commit crimes against their own people, in which case not a whole lot can happen to the criminals. To cover their tracks, the bad guys use proxy or VPN services that disguise their own IP address.[2] Once set up with a server, the criminals can install what will be the mastermind program, which creates and organizes an entire array of infected computers anywhere.

The latest version of Citadel, whose code name is Rain Edition, is priced at $3,931, but it includes a lot of valuable features. The makers of Citadel are trying to keep a low enough profile to avoid attracting too much attention, which could result in efforts to interfere (as we have seen with Zeus). Getting hold of Citadel is difficult because of a stricter validation process for trusted criminals within the Russian underground.

Executive Guidance

A crimekit as technically advanced as Citadel places the task of blocking it in a highly professional context. The methods Citadel uses to steal personal information are so advanced that even the most cautious user may be fooled. It is best to avoid infection in the first place by using malware protection software that can cope with the complexity of Citadel. A combination of safe online practices, or resorting to a consultant for recommendations, are the primary defensive measures.

[1] botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf
[2] https://blog.malwarebytes.org/intelligence/2012/11/citadel-a-cyber-criminals-ultimate-weapon/

For comments please e-mail paul@strassmann.com