Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bad Guys Use Open Source, Too

Posted by timothy on from the malice-aforethought dept.

First time accepted submitter colinneagle writes "Open source has been so successful in giving us software like Linux, Apache, Hadoop, etc., why wouldn't the open source method work with other types of software? Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have. According to this report from Seculert Research, the makers of Citadel, a variant of the Zeus Trojan are using open source models to hone their code and make the Trojan more dangerous."

28 of 84 comments (clear)

  1. Title by karolgajewski · · Score: 5, Funny

    Their grammar's great, too.

    --
    - .k. -
    1. Re:Title by Higgins_Boson · · Score: 2

      There grammerz grate, to.

      Fixed yours to match the title.

    2. Re:Title by Samantha+Wright · · Score: 2

      It can be linguistic fascism time now, please?

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    3. Re:Title by Dark$ide · · Score: 2

      There grammerz grate, to.

      Fixed yours to match the title.

      All your base belong to us.

      All your base are belong to us.

      FTFY, you're welcome.

      --

      Sigs. We don't need no steenking sigs.

  2. Is this a "Captian Obvious" thing? by PessimysticRaven · · Score: 5, Funny

    ...Malware writers are using *gasp* coding to further their goals?!? Horrorz!

    --
    Consistency is only a virtue if you're not a screw-up.
  3. Question is... by DarkFencer · · Score: 5, Funny

    Sure but what license are they using? I make sure all my malware is GPL3. None of that BSD licensed malware for me!

    1. Re:Question is... by w_dragon · · Score: 5, Funny

      That only makes sense, after all the GPL is the viral license!

    2. Re:Question is... by muon-catalyzed · · Score: 5, Funny

      FOSS purists even recommend to call it GNU/Zeus Trojan

  4. Those bad guys do sure are by roman_mir · · Score: 4, Funny

    Are they do?

    --
    You can't handle the truth.
  5. Need open-source antimalware too by Eric+Smith · · Score: 5, Interesting

    Why should only the criminal side of the malware equation get the benefits of open-source?

    1. Re:Need open-source antimalware too by Anonymous Coward · · Score: 2, Funny

      I'm sure they use commercial software too. Like windows.

      They have to test the malware somehow.

    2. Re:Need open-source antimalware too by MurukeshM · · Score: 3, Insightful

      Something called ClamAV?

  6. Re:because it works? by Samantha+Wright · · Score: 2

    Nah, this isn't about compiler or environment, but the employment of a community-centric development model. Even bounties, it looks like.

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  7. Haven't they always? by DoninIN · · Score: 4, Insightful

    Sort of anyway? Seems to that the networks of hackers and bad guy developers has always been sharing notes and code, and that this technique has long been used as an "intelligence amplifier" allowing a loose collection of bad guys who couldn't or at least didn't get real jobs to create some powerful malware tools. Which are often then used by someone else with slightly less coding sense and much more ambition to make some money, and to spread the idea of making money this way to others. The whole industry is a lot like multi-level marketing that way.

    1. Re:Haven't they always? by dkleinsc · · Score: 4, Insightful

      In addition, any code that's given away to do good can also do evil. Consider, for instance, nmap. It's great if you're trying to see how open you are to attack, or if you're trying to take down a power grid so Neo and Morpheus don't get killed, but it's also really handy if you're trying to determine the best vector for taking over a host.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  8. Uh, malware has been using open source for ages by Anonymous Coward · · Score: 4, Insightful

    Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have.

    That's just idiotic and the whole article reads as an advertisement for Seculert

  9. Re:because it works? by K.+S.+Kyosuke · · Score: 4, Funny

    Even bounties, it looks like.

    Isn't that rather booties? Arrr!

    --
    Ezekiel 23:20
  10. Bad Guys Also Use Closed Source Model! by rubycodez · · Score: 3, Funny

    Bad Guys Also Use Closed Source Model! Bad Guys Even Use Software and Hardware! Bad Guys Breath Oxygen and Some Piss in Urinals. Ban all these evil tools of the bad guys!

  11. Oh No!!! Someone Must Stop This!!! by w.hamra1987 · · Score: 3

    this open source thingie is used for writing malware!! someone must stop them, all opensource must be deemed illegal, and richard stallman should be prosecuted for aiding criminals. if you don't believe me, go ask microsoft, they'll agree with everything i just said.

    --
    my sig pwns your sig
  12. Criminals use modern Software Engineering methods? by gweihir · · Score: 2

    Is there a story in here somewhere?

    Criminals are usually stupid, but eventually even they start to use modern methods. Nothing new or surprising.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. Remember - GUNs don't kill People... by Jah-Wren+Ryel · · Score: 4, Funny

    GUNs don't kill people, GNUs kill people!

    --
    When information is power, privacy is freedom.
  14. The sarcasm in here... by DemonGenius · · Score: 3, Funny

    ... has gone to plaid.

  15. The article's point being? by spyked · · Score: 2

    Bad guys use the toilet too. They also eat and sleep and such, and we could argue that this does indirectly help them make better malware. So?

  16. Great ground to sue them! by gwolf · · Score: 4, Funny

    1. Release a strict GPL-licensed virus (along with source offer and all)
    2. Make it infect your target's executables
    3. Sue them for license breach!
    4. Profit!

    See? I did away with those pesky '???' bits!

    1. Re:Great ground to sue them! by Xtifr · · Score: 2

      Ha! Funny. But just in case a few of the more ignorant slashdotters think you might be on to something, I should point out that you can't sue someone when you modified their work, rather than the other way around. In fact, it's possible that virus writers in general could be sued for copyright infringement because they create derivative works. And if a non-GPL'd virus infected a GPL'd work, the authors of the former might be able to sue to get either the source of the virus released, or have the virus withdrawn. In which case, a virus that was already GPL'd might well be a smart move! :)

  17. Nobody expected? by dave562 · · Score: 5, Funny

    The author is right, nobody would have ever thought that the kind of people who lurk in the computer underground would ever use open source tools or methods to develop their malware. We all thought that "those people" were paying Microsoft for copies of Visual Studio and writing all of their code based explicitly on MSDN code samples.

    1. Re:Nobody expected? by GauteL · · Score: 4, Interesting

      You are completely missing the point. Of course malware authors aren't averse to pirating software.

      In fact you'd sort of expect them to use pirated software rather than FOSS.

      The point here is that the malware authors to some extent seem to deliberately share their code and findings with other malware authors.

  18. New Flash ! EXTRA ! by BlindRobin · · Score: 2

    Criminals, CRIMINALS I SAY ! Drive cars, ride on the bus right beside us, eat food, sleep and defecate just like regular people. Call on God or the wizard of Oz to do something. Please. Please. Oh woe. Oh woe we are doomed, so doomed. Oh grievous despair...