
Bad Guys Use Open Source, Too

Posted by timothy
from the malice-aforethought dept.
First time accepted submitter colinneagle writes "Open source has been so successful in giving us software like Linux, Apache, Hadoop, etc., why wouldn't the open source method work with other types of software? Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have. According to this report from Seculert Research, the makers of Citadel, a variant of the Zeus Trojan are using open source models to hone their code and make the Trojan more dangerous."
This discussion has been archived. No new comments can be posted.

  • Title (Score:5, Funny)

    by karolgajewski (515082) on Saturday February 11, 2012 @11:46AM (#39005249) Journal

    Their grammar's great, too.

    • There grammerz grate, to.

      Fixed yours to match the title.

    • It can be linguistic fascism time now, please?
    • by Chrisq (894406)

      Their grammar's great, too.

      Not quite - they forgot the apostrophe in Guy's

    • by sharph (171971)

      I fixed this sentence:

      According to this report from Seculert Research the makers of Citadel, a variant of the Zeus Trojan, are using open source models to hone their code and make the Trojan more dangerous.

      The original sentence made it out to sound like Seculert Research were the makers of Citadel, and a variant of the Zeus Trojan was using open source models.

  • by Anonymous Coward

    >> Bad Guys Are Use Open Source, Too

    All your base are belong to us

    • by Sulphur (1548251)

      >> Bad Guys Are Use Open Source, Too

      All your base are belong to us

      All your assets are belong to us.

  • by PessimysticRaven (1864010) on Saturday February 11, 2012 @11:47AM (#39005259)

    ...Malware writers are using *gasp* coding to further their goals?!? Horrorz!

    • by Anonymous Coward

      "The waterfall model of software development has been so successful in giving us software like Windows, IIS, Skype, etc., why wouldn't the waterfall method work with other types of software? Probably no one expected that the criminals behind vast malware trojans would adopt waterfall methods to make their malware more dangerous, but they have. According to this report from Seculert Research, the makers of Citadel, a variant of the Zeus Trojan are using waterfall models to hone their code and make the Trojan

  • by DarkFencer (260473) on Saturday February 11, 2012 @11:47AM (#39005261)

    Sure but what license are they using? I make sure all my malware is GPL3. None of that BSD licensed malware for me!

    • by w_dragon (1802458) on Saturday February 11, 2012 @12:00PM (#39005363)
      That only makes sense, after all the GPL is the viral license!
    • by muon-catalyzed (2483394) on Saturday February 11, 2012 @12:08PM (#39005443)
      FOSS purists even recommend to call it GNU/Zeus Trojan
    • Re: (Score:2, Funny)

      by Opportunist (166417)

      Oh snap, any AV kit finding their crap violates the GPL now.

      (as if they didn't yet...)

    • Use LGPL3, that way if it infects a proprietary executable it won't be a license violation.

      • by gwolf (26339) <<gwolf> <at> <gwolf.org>> on Saturday February 11, 2012 @01:18PM (#39005921) Homepage

        1. Release a strict GPL-licensed virus (along with source offer and all)
        2. Make it infect your target's executables
        3. Sue them for license breach!
        4. Profit!

        See? I did away with those pesky '???' bits!

        • by Xtifr (1323)

          Ha! Funny. But just in case a few of the more ignorant slashdotters think you might be on to something, I should point out that you can't sue someone when you modified their work, rather than the other way around. In fact, it's possible that virus writers in general could be sued for copyright infringement because they create derivative works. And if a non-GPL'd virus infected a GPL'd work, the authors of the former might be able to sue to get either the source of the virus released, or have the virus wi

          • by muridae (966931)
            Well, that's probably an issue that lawyers would like to try. Just imagine the SCO case all over again! The more simple issue is that you can't sue when someone else uses your GPL virus to modify code on their computer, and they don't distribute it. The closed source guys might sue the user, since modifying might be against the license. But remember, the GPL puts little restrictions on using the code, but lots of restrictions on re-releasing it.
            • by Xtifr (1323)

              Hmm, that's a fair point. OTOH, if your virus were intended to target one or more GPL'd programs specifically (if, for example, MS decided to release a virus to go after Cygnus), then it could be considered an attempt to distribute a derivative work, just as the original NeXT Objective-C compiler was. NeXT carefully tried to separate their front end from the rest of GCC, and make the users link it in manually, but after their lawyers talked to the FSF lawyers, they quickly backed down and released their f

        • by Darfeld (1147131)

          I see that. Obviously, if you don't have the '???', you're doing something wrong.

    • by vandamme (1893204)

      My wife uses a malware client called "Windows Seven". Now I can change her over to GPL.

  • by roman_mir (125474) on Saturday February 11, 2012 @11:48AM (#39005269) Homepage Journal

    Are they do?

    • by bmo (77928)

      "They don't think it be like it is, but it do." - Oscar Gamble

      --
      BMO

  • because it works? (Score:2, Interesting)

    by cellocgw (617879)

    I guess the "takeaway" from this is that trying to produce working code with .Net or PowerShell is well-nigh impossible.

    • Nah, this isn't about compiler or environment, but the employment of a community-centric development model. Even bounties, it looks like.
    • by TheLink (130905)
      The disadvantage of using .Net or Powershell for malware is they require the victim to have .Net / Powershell installed.

      As for OSS, Perl malware might be interesting (TIMTOWDI for polymorphic self modifying malware that looks for new instructions via LWP), but the resulting standalone windows executable would be more than 1MB and closer to 4MB I think (could try to shrink it with upx, but it's still going to be more than 1MB).
  • by Eric Smith (4379) <eric@brouhaha. c o m> on Saturday February 11, 2012 @11:50AM (#39005297) Homepage Journal
    Why should only the criminal side of the malware equation get the benefits of open-source?
  • by DoninIN (115418) <don.middendorf@gmail.com> on Saturday February 11, 2012 @11:53AM (#39005317) Homepage
    Sort of anyway? Seems to me that the networks of hackers and bad guy developers have always been sharing notes and code, and that this technique has long been used as an "intelligence amplifier" allowing a loose collection of bad guys who couldn't or at least didn't get real jobs to create some powerful malware tools. Which are often then used by someone else with slightly less coding sense and much more ambition to make some money, and to spread the idea of making money this way to others. The whole industry is a lot like multi-level marketing that way.
    • by dkleinsc (563838) on Saturday February 11, 2012 @12:00PM (#39005365) Homepage

      In addition, any code that's given away to do good can also do evil. Consider, for instance, nmap. It's great if you're trying to see how open you are to attack, or if you're trying to take down a power grid so Neo and Morpheus don't get killed, but it's also really handy if you're trying to determine the best vector for taking over a host.

    • Yes, they have for as long as I've known anything about it, and that's about 20 years. This is nothing new.

  • by Anonymous Coward on Saturday February 11, 2012 @11:54AM (#39005333)

    Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have.

    That's just idiotic and the whole article reads as an advertisement for Seculert

    • Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have.

      That's just idiotic and the whole article reads as an advertisement for Seculert

      It's beyond idiotic. This kind of language might have been appropriate in OMNI in 1978 to describe an outburst of creative thinking by Robert Trivers in the early 1970s.

      It would also have been appropriate in the same issue of OMNI to run an article about a race of beings

  • To fit in with the Title, I formatted the rest of the post for your bleeding eyeball convenience: "Our software, such as Linux, Apache, hadob, and so forth, why open source won't work for other types of open-source software successful? Maybe a Trojan malicious programs opened behind the expected big criminals"
  • by w.hamra1987 (1193987) on Saturday February 11, 2012 @12:17PM (#39005503) Homepage

    this open source thingie is used for writing malware!! someone must stop them, all opensource must be deemed illegal, and richard stallman should be prosecuted for aiding criminals. if you don't believe me, go ask microsoft, they'll agree with everything i just said.

    • by lexsird (1208192)

      Hey! It was Christmas, they needed to shake down the industry for some big Christmas bonuses.

      Congress: the other white collar crime.

  • Is there a story in here somewhere?

    Criminals are usually stupid, but eventually even they start to use modern methods. Nothing new or surprising.

    • by Cruciform (42896)

      Petty criminals are usually stupid (or just desperate).
      There are lots of criminals that are smart, ripping people off every day, and not getting caught.
      Or they just happen to be the ones funding the legislators.

  • by Jah-Wren Ryel (80510) on Saturday February 11, 2012 @12:44PM (#39005669)

    GUNs don't kill people, GNUs kill people!

  • by DemonGenius (2247652) on Saturday February 11, 2012 @12:47PM (#39005687)
    ... has gone to plaid.
  • Okay so some "bad guys" use open source software to improve their destructive ability. How many "bad guys" use closed source software to improve their destructive ability?
  • Bad guys use the toilet too. They also eat and sleep and such, and we could argue that this does indirectly help them make better malware. So?

  • Why wouldn't anyone have expected the bad guys to do this? They've been doing it for decades already. Back when it was dial-up BBS systems, the bad guys had BBS networks of their own with download libraries full of code and discussion boards full of people discussing and refining their techniques and making their viruses better. As programming and development methodologies have evolved, why wouldn't we expect programmers and developers on the bad side would adopt them just like any other programmers?

  • by dave562 (969951) on Saturday February 11, 2012 @01:46PM (#39006155) Journal

    The author is right, nobody would have ever thought that the kind of people who lurk in the computer underground would ever use open source tools or methods to develop their malware. We all thought that "those people" were paying Microsoft for copies of Visual Studio and writing all of their code based explicitly on MSDN code samples.

    • Re:Nobody expected? (Score:5, Interesting)

      by GauteL (29207) on Saturday February 11, 2012 @02:43PM (#39006481)

      You are completely missing the point. Of course malware authors aren't averse to pirating software.

      In fact you'd sort of expect them to use pirated software rather than FOSS.

      The point here is that the malware authors to some extent seem to deliberately share their code and findings with other malware authors.

      • by Waccoon (1186667)

        What's surprising about this? The Amiga community was notorious for its hackers, and those guys threw their code into the public domain back when public domain was actually public and the GPL didn't exist.

        Granted, mal-ware was more for yuks than profit back then.

  • by Anonymous Coward

    Hey there Mr. Software Expert.
    "Probably no one expected that the criminals behind vast malware trojans would adopt open source methods." Only a NetworkWorld writer wouldn't suspect that.

    Even with the tremendous growth and availability of tools, the number of people worldwide that write code beyond the "hello world" level is still tiny. The people who write new code is a small fraction of that. The people who write functional new code is, yet again, another small subset.

    Out of that tiny group of people, the

  • by Anonymous Coward
    Inject the terms open-source and malware into the blogosphere. Under no circumstance mention Microsoft Windows ...
  • Criminals, CRIMINALS I SAY ! Drive cars, ride on the bus right beside us, eat food, sleep and defecate just like regular people. Call on God or the wizard of Oz to do something. Please. Please. Oh woe. Oh woe we are doomed, so doomed. Oh grievous despair...

  • Russian hackers have accepted EUR800,000 in donations from customers of Nordea, Sweden's largest bank, after a sophisticated "phishing" campaign recruited customers into downloading a Trojan horse program that recorded their account login details.

    The Russians had looked up the definition of "hacker" in the Jargon File and been inspired to leverage the creative power of open source Free Software. The first campaign took place in August 2006 and was detected a month later, having affected around 250 Nordea cu

"Out of register space (ugh)" -- vi
