Slashdot: News for Nerds

Bad Guys Use Open Source, Too

timothy posted more than 2 years ago | from the malice-aforethought dept.

Operating Systems 84

First time accepted submitter colinneagle writes "Open source has been so successful in giving us software like Linux, Apache, Hadoop, etc., why wouldn't the open source method work with other types of software? Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have. According to this report from Seculert Research, the makers of Citadel, a variant of the Zeus Trojan are using open source models to hone their code and make the Trojan more dangerous."

84 comments

Title (5, Funny)

karolgajewski (515082) | more than 2 years ago | (#39005249)

Their grammar's great, too.

Re:Title (2)

Higgins_Boson (2569429) | more than 2 years ago | (#39005267)

There grammerz grate, to.

Fixed yours to match the title.

Re:Title (-1)

Anonymous Coward | more than 2 years ago | (#39005323)

There grammerz grate, to.

Fixed yours to match the title.

All your base belong to us.

Re:Title (2)

Dark$ide (732508) | more than 2 years ago | (#39005349)

There grammerz grate, to.

Fixed yours to match the title.

All your base belong to us.

All your base are belong to us.

FTFY, you're welcome.

Re:Title (0)

Anonymous Coward | more than 2 years ago | (#39005271)

Their grammar ARE great.

Re:Title (2)

Samantha Wright (1324923) | more than 2 years ago | (#39005277)

It can be linguistic fascism time now, please?

Re:Title (0)

Anonymous Coward | more than 2 years ago | (#39005413)

Where's the little flag for the summary? I want to report the grammar abuse in the headline!

Re:Title (1)

Chrisq (894406) | more than 2 years ago | (#39005673)

Their grammar's great, too.

Not quite - they forgot the apostrophe in Guy's

Re:Title (0)

Anonymous Coward | more than 2 years ago | (#39005725)

Their grampar is only so-so.

Re:Title (1)

sharph (171971) | more than 2 years ago | (#39012413)

I fixed this sentence:

According to this report from Seculert Research the makers of Citadel, a variant of the Zeus Trojan, are using open source models to hone their code and make the Trojan more dangerous.

The original sentence made it out to sound like Seculert Research were the makers of Citadel, and a variant of the Zeus Trojan was using open source models.

Proofreading, please (1)

Anonymous Coward | more than 2 years ago | (#39005255)

>> Bad Guys Are Use Open Source, Too

All your base are belong to us

Re:Proofreading, please (1)

Sulphur (1548251) | more than 2 years ago | (#39006227)

>> Bad Guys Are Use Open Source, Too

All your base are belong to us

All your assets are belong to us.

Is this a "Captain Obvious" thing? (5, Funny)

PessimysticRaven (1864010) | more than 2 years ago | (#39005259)

...Malware writers are using *gasp* coding to further their goals?!? Horrorz!

Re:Is this a "Captain Obvious" thing? (1)

Anonymous Coward | more than 2 years ago | (#39005835)

"The waterfall model of software development has been so successful in giving us software like Windows, IIS, Skype, etc., why wouldn't the waterfall method work with other types of software? Probably no one expected that the criminals behind vast malware trojans would adopt waterfall methods to make their malware more dangerous, but they have. According to this report from Seculert Research, the makers of Citadel, a variant of the Zeus Trojan are using waterfall models to hone their code and make the Trojan more dangerous."

Truly, we should all fear the dangers of sequential design and development...

Re:Is this a "Captain Obvious" thing? (0)

Anonymous Coward | more than 2 years ago | (#39005945)

From the "where-my-specs" dept.

Question is... (5, Funny)

DarkFencer (260473) | more than 2 years ago | (#39005261)

Sure but what license are they using? I make sure all my malware is GPL3. None of that BSD licensed malware for me!

Re:Question is... (5, Funny)

w_dragon (1802458) | more than 2 years ago | (#39005363)

That only makes sense, after all the GPL is the viral license!

Re:Question is... (5, Funny)

muon-catalyzed (2483394) | more than 2 years ago | (#39005443)

FOSS purists even recommend to call it GNU/Zeus Trojan

Re:Question is... (1, Funny)

Opportunist (166417) | more than 2 years ago | (#39005601)

Oh snap, any AV kit finding their crap violates the GPL now.

(as if they didn't yet...)

Static linking. (1)

donscarletti (569232) | more than 2 years ago | (#39005775)

Use LGPL3, that way if it infects a proprietary executable it won't be a license violation.

Great ground to sue them! (4, Funny)

gwolf (26339) | more than 2 years ago | (#39005921)

1. Release a strict GPL-licensed virus (along with source offer and all)
2. Make it infect your target's executables
3. Sue them for license breach!
4. Profit!

See? I did away with those pesky '???' bits!

Re:Great ground to sue them! (2)

Xtifr (1323) | more than 2 years ago | (#39006169)

Ha! Funny. But just in case a few of the more ignorant slashdotters think you might be on to something, I should point out that you can't sue someone when you modified their work, rather than the other way around. In fact, it's possible that virus writers in general could be sued for copyright infringement because they create derivative works. And if a non-GPL'd virus infected a GPL'd work, the authors of the former might be able to sue to get either the source of the virus released, or have the virus withdrawn. In which case, a virus that was already GPL'd might well be a smart move! :)

Re:Great ground to sue them! (1)

muridae (966931) | more than 2 years ago | (#39007247)

Well, that's probably an issue that lawyers would like to try. Just imagine the SCO case all over again! The more simple issue is that you can't sue when someone else uses your GPL virus to modify code on their computer, and they don't distribute it. The closed source guys might sue the user, since modifying might be against the license. But remember, the GPL puts little restrictions on using the code, but lots of restrictions on re-releasing it.

Re:Great ground to sue them! (1)

Xtifr (1323) | more than 2 years ago | (#39008119)

Hmm, that's a fair point. OTOH, if your virus were intended to target one or more GPL'd programs specifically (if, for example, MS decided to release a virus to go after Cygnus), then it could be considered an attempt to distribute a derivative work, just as the original NeXT Objective-C compiler was. NeXT carefully tried to separate their front end from the rest of GCC, and make the users link it in manually, but after their lawyers talked to the FSF lawyers, they quickly backed down and released their formerly binary-only front end under the GPL. Which is why GCC includes an Objective-C compiler today. On paper, it may look like NeXT had found a perfect way around the GPL, but the law takes intent into account, and it was clearly their intent to distribute a derivative work, even though technically all they distributed was their own work and a set of instructions.

Note that this could be a problem for anyone writing a virus to target GNU/Linux, at least if it were at all dependent on either the kernel or core GNU facilities. A POSIX-compliant or Single-Unix-Spec-compliant virus that just happened to be able to target Linux, though, would probably be ok. But since viruses often take advantage of flaws in an implementation, it would probably be a lot harder to create a successful virus that ignored implementation completely.

Heck, in the end, it's probably just easier and safer to go ahead and GPL your virus. There's no downside, and it may have unexpected benefits. :)

Re:Great ground to sue them! (0)

Anonymous Coward | more than 2 years ago | (#39009017)

Heck, in the end, it's probably just easier and safer to go ahead and GPL your virus. There's no downside, and it may have unexpected benefits. :)

Hi, is this Microsoft? We are going to sue you for your illegal use of code derived from our GPL3-licensed GNUILoveU.w32 in your Security Essentials product.

Re:Great ground to sue them! (1)

Darfeld (1147131) | more than 2 years ago | (#39008295)

I see that. Obviously, if you don't have the '???', you're doing something wrong.

Re:Question is... (1)

vandamme (1893204) | more than 2 years ago | (#39012003)

My wife uses a malware client called "Windows Seven". Now I can change her over to GPL.

Those bad guys do sure are (4, Funny)

roman_mir (125474) | more than 2 years ago | (#39005269)

Are they do?

Re:Those bad guys do sure are (1)

bmo (77928) | more than 2 years ago | (#39005813)

"They don't think it be like it is, but it do." - Oscar Gamble

--
BMO

because it works? (1, Interesting)

cellocgw (617879) | more than 2 years ago | (#39005293)

I guess the "takeaway" from this is that trying to produce working code with .Net or PowerShell is well-nigh impossible.

Re:because it works? (2)

Samantha Wright (1324923) | more than 2 years ago | (#39005315)

Nah, this isn't about compiler or environment, but the employment of a community-centric development model. Even bounties, it looks like.

Re:because it works? (4, Funny)

K. S. Kyosuke (729550) | more than 2 years ago | (#39005343)

Even bounties, it looks like.

Isn't that rather booties? Arrr!

Re:because it works? (1)

TheLink (130905) | more than 2 years ago | (#39006191)

The disadvantage of using .Net or Powershell for malware is they require the victim to have .Net / Powershell installed.

As for OSS, Perl malware might be interesting (TMTOWTDI for polymorphic self-modifying malware that looks for new instructions via LWP), but the resulting standalone Windows executable would be more than 1MB and closer to 4MB I think (could try to shrink it with upx, but it's still going to be more than 1MB).

Need open-source antimalware too (5, Interesting)

Eric Smith (4379) | more than 2 years ago | (#39005297)

Why should only the criminal side of the malware equation get the benefits of open-source?

Re:Need open-source antimalware too (1)

PrescriptionWarning (932687) | more than 2 years ago | (#39005425)

I'm sure they use commercial software too. Like windows.

Re:Need open-source antimalware too (2, Funny)

Anonymous Coward | more than 2 years ago | (#39005741)

I'm sure they use commercial software too. Like windows.

They have to test the malware somehow.

Re:Need open-source antimalware too (0)

Anonymous Coward | more than 2 years ago | (#39005475)

oh it's anti-malware.

i kept thinking it was animal-ware

Re:Need open-source antimalware too (3, Insightful)

MurukeshM (1901690) | more than 2 years ago | (#39006039)

Something called ClamAV?

English, motherfucker! (0)

Anonymous Coward | more than 2 years ago | (#39005299)

Do you speak it?

(Seriously - wtf is up with the article title? EDITORS DO YOUR JOB.)

Haven't they always? (4, Insightful)

DoninIN (115418) | more than 2 years ago | (#39005317)

Sort of anyway? Seems to me that the networks of hackers and bad guy developers have always been sharing notes and code, and that this technique has long been used as an "intelligence amplifier" allowing a loose collection of bad guys who couldn't or at least didn't get real jobs to create some powerful malware tools. Which are often then used by someone else with slightly less coding sense and much more ambition to make some money, and to spread the idea of making money this way to others. The whole industry is a lot like multi-level marketing that way.

Re:Haven't they always? (4, Insightful)

dkleinsc (563838) | more than 2 years ago | (#39005365)

In addition, any code that's given away to do good can also do evil. Consider, for instance, nmap. It's great if you're trying to see how open you are to attack, or if you're trying to take down a power grid so Neo and Morpheus don't get killed, but it's also really handy if you're trying to determine the best vector for taking over a host.

Re:Haven't they always? (1)

SecurityGuy (217807) | more than 2 years ago | (#39005637)

Yes, they have for as long as I've known anything about it, and that's about 20 years. This is nothing new.

Uh, malware has been using open source for ages (4, Insightful)

Anonymous Coward | more than 2 years ago | (#39005333)

Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have.

That's just idiotic and the whole article reads as an advertisement for Seculert

Re:Uh, malware has been using open source for ages (0)

BenJury (977929) | more than 2 years ago | (#39005747)

...the whole article reads...

You must be new here...

fear drinkers (1)

epine (68316) | more than 2 years ago | (#39009539)

Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have.

That's just idiotic and the whole article reads as an advertisement for Seculert

It's beyond idiotic. This kind of language might have been appropriate in OMNI in 1978 to describe an outburst of creative thinking by Robert Trivers in the early 1970s.

It would also have been appropriate in the same issue of OMNI to run an article about a race of beings—not nearly so clear thinking as Robert Trivers—who survive by drinking the fear of others.

Please (0)

Anonymous Coward | more than 2 years ago | (#39005353)

that's like saying HEY bad guys use forks and kitchen utensils too
PANICK NOW

what is with the world and retard posts.....

Bad Guys Also Use Closed Source Model! (3, Funny)

rubycodez (864176) | more than 2 years ago | (#39005393)

Bad Guys Also Use Closed Source Model! Bad Guys Even Use Software and Hardware! Bad Guys Breathe Oxygen and Some Piss in Urinals. Ban all these evil tools of the bad guys!

Formatting... (1)

renek (1301131) | more than 2 years ago | (#39005355)

To fit in with the Title, I formatted the rest of the post for your bleeding eyeball convenience: "Our software, such as Linux, Apache, hadob, and so forth, why open source won't work for other types of open-source software successful? Maybe a Trojan malicious programs opened behind the expected big criminals"

Anti-OSS Added to SOPA (0)

Anonymous Coward | more than 2 years ago | (#39005445)

In order to make sure that all computers are safe from the cancerous open source software movement which is obviously only useful to terrorists, pedophiles, hackers and pirates, an amendment will be added to SOPA legislation declaring all Open Source Software as illegal to possess, create or distribute. Anyone caught using open source software is obviously a terrorist, pedophile, hacker or pirate.

Thank you
The **AA controlled Congress of the United States

Sharing is caring (0)

Anonymous Coward | more than 2 years ago | (#39005453)

As long as they share their code with as many people as possible, it's all good. I wonder if they get Hans Reiser to sign-off their code?

Oh No!!! Someone Must Stop This!!! (3)

w.hamra1987 (1193987) | more than 2 years ago | (#39005503)

this open source thingie is used for writing malware!! someone must stop them, all opensource must be deemed illegal, and richard stallman should be prosecuted for aiding criminals. if you don't believe me, go ask microsoft, they'll agree with everything i just said.

Re:Oh No!!! Someone Must Stop This!!! (1)

lexsird (1208192) | more than 2 years ago | (#39006565)

Hey! It was Christmas, they needed to shake down the industry for some big Christmas bonuses.

Congress: the other white collar crime.

Criminals use modern Software Engineering methods? (2)

gweihir (88907) | more than 2 years ago | (#39005505)

Is there a story in here somewhere?

Criminals are usually stupid, but eventually even they start to use modern methods. Nothing new or surprising.

Re:Criminals use modern Software Engineering metho (1)

Cruciform (42896) | more than 2 years ago | (#39005749)

Petty criminals are usually stupid (or just desperate).
There are lots of criminals that are smart, ripping people off every day, and not getting caught.
Or they just happen to be the ones funding the legislators.

Goatse is the original "open source" (-1)

Anonymous Coward | more than 2 years ago | (#39005521)

You know it's true. Without him freely opening his anus for your enjoyment you would never be able to be a Slashdot faggot.

Remember - GUNs don't kill People... (4, Funny)

Jah-Wren Ryel (80510) | more than 2 years ago | (#39005669)

GUNs don't kill people, GNUs kill people!

Re:Remember - GUNs don't kill People... (0)

Anonymous Coward | more than 2 years ago | (#39005943)

I don't know about that but with the law the way it is now you'll probably spend longer in jail for the GNU option ;)

Re:Remember - GUNs don't kill People... (1)

maxwell demon (590494) | more than 2 years ago | (#39007033)

But then to comply with GPL3, they have to hand out the keys to the jail!

Re:Remember - GUNs don't kill People... (1)

marcosdumay (620877) | more than 2 years ago | (#39008377)

Well, if you ever see a gnu hurd coming your way, run away! As fast as you can!

The sarcasm in here... (3, Funny)

DemonGenius (2247652) | more than 2 years ago | (#39005687)

... has gone to plaid.

April Fools' Day? (0)

fotoguzzi (230256) | more than 2 years ago | (#39005721)

I have four mod points left, but I am unable to find a post worth modding up or down. I think slashdot is about done. I haven't figured out reddit, yet. Is there anything else worth logging onto?

What does this prove? (1)

Murdoch5 (1563847) | more than 2 years ago | (#39005753)

Okay so some "bad guys" use open source software to improve their destructive ability. How many "bad guys" use closed source software to improve their destructive ability?

The article's point being? (2)

spyked (1878060) | more than 2 years ago | (#39005827)

Bad guys use the toilet too. They also eat and sleep and such, and we could argue that this does indirectly help them make better malware. So?

Why wouldn't we have expected this (1)

Todd Knarr (15451) | more than 2 years ago | (#39005853)

Why wouldn't anyone have expected the bad guys to do this? They've been doing it for decades already. Back when it was dial-up BBS systems, the bad guys had BBS networks of their own with download libraries full of code and discussion boards full of people discussing and refining their techniques and making their viruses better. As programming and development methodologies have evolved, why wouldn't we expect programmers and developers on the bad side would adopt them just like any other programmers?

Pointless (0)

Anonymous Coward | more than 2 years ago | (#39005931)

Ya, no shit. I need an aspirin.

Re:Pointless (0)

Anonymous Coward | more than 2 years ago | (#39010193)

Ya, no shit. I need an aspirin.

Wouldn't a laxative be a better choice?

Nobody expected? (5, Funny)

dave562 (969951) | more than 2 years ago | (#39006155)

The author is right, nobody would have ever thought that the kind of people who lurk in the computer underground would ever use open source tools or methods to develop their malware. We all thought that "those people" were paying Microsoft for copies of Visual Studio and writing all of their code based explicitly on MSDN code samples.

Re:Nobody expected? (4, Interesting)

GauteL (29207) | more than 2 years ago | (#39006481)

You are completely missing the point. Of course malware authors aren't averse to pirating software.

In fact you'd sort of expect them to use pirated software rather than FOSS.

The point here is that the malware authors to some extent seem to deliberately share their code and findings with other malware authors.

Re:Nobody expected? (0)

Anonymous Coward | more than 2 years ago | (#39006689)

In fact you'd sort of expect them to use pirated software rather than FOSS.

Really? That's... ridiculous. When was the last time you saw a trojan on Apple's App Store? And don't get me started on licensing terms for Oracle's password cracking software that, oh wait, doesn't exist.

The point here is that the malware authors to some extent seem to deliberately share their code and findings with other malware authors.

In short, there is no point here. This has been well known since before Al Gore even invented the Internet.

Re:Nobody expected? (1)

Waccoon (1186667) | more than 2 years ago | (#39008745)

What's surprising about this? The Amiga community was notorious for its hackers, and those guys threw their code into the public domain back when public domain was actually public and the GPL didn't exist.

Granted, mal-ware was more for yuks than profit back then.

Re:Nobody expected? (0)

Anonymous Coward | more than 2 years ago | (#39009395)

The point here is that the malware authors to some extent seem to deliberately share their code and findings with other malware authors.

Members of organized crime collaborate when it's in their interest to do so.

Bad news (1)

Anonymous Coward | more than 2 years ago | (#39006171)

Hey there Mr. Software Expert.
"Probably no one expected that the criminals behind vast malware trojans would adopt open source methods." Only a NetworkWorld writer wouldn't suspect that.

Even with the tremendous growth and availability of tools, the number of people worldwide that write code beyond the "hello world" level is still tiny. The people who write new code are a small fraction of that. The people who write functional new code are, yet again, another small subset.

Out of that tiny group of people, the number of people who understand systems well enough to write new and functional code that does anything significant is minuscule. ALL of your significant malware writers are software developers that are already part of that group.

It isn't that malware developers are some separate group of evil-doers who sprout up independently, like there is a special Malware developer factory somewhere. THEY ARE SOFTWARE DEVELOPERS. Not expecting them to use open source takes a degree of ignorance that is staggering.

Not what Trojans are for (0)

Anonymous Coward | more than 2 years ago | (#39006315)

You wear Trojans to *protect* from viruses.

Re:Not what Trojans are for (0)

Anonymous Coward | more than 2 years ago | (#39010263)

Sorry, condom jokes don't parse here.

Who says they are bad guys? (0)

Anonymous Coward | more than 2 years ago | (#39006329)

Maybe they are the good guys, underdogs just trying to get by in a world that keeps pushing them down. You don't think people are going to fight back once they have been pushed around long enough?

msg from Waggener Edstrom (1)

Anonymous Coward | more than 2 years ago | (#39006477)

Inject the terms open-source and malware into the blogosphere. Under no circumstance mention Microsoft Windows ...

New Flash ! EXTRA ! (2)

BlindRobin (768267) | more than 2 years ago | (#39007051)

Criminals, CRIMINALS I SAY ! Drive cars, ride on the bus right beside us, eat food, sleep and defecate just like regular people. Call on God or the wizard of Oz to do something. Please. Please. Oh woe. Oh woe we are doomed, so doomed. Oh grievous despair...

Hackers nab EUR800,000 from bank (1)

David Gerard (12369) | more than 2 years ago | (#39007287)

Russian hackers have accepted EUR800,000 in donations from customers of Nordea, Sweden's largest bank, after a sophisticated "phishing" campaign recruited customers into downloading a Trojan horse program that recorded their account login details.

The Russians had looked up the definition of "hacker" in the Jargon File and been inspired to leverage the creative power of open source Free Software. The first campaign took place in August 2006 and was detected a month later, having affected around 250 Nordea customers.

The emails claimed to be from the Nordea Open Trojan Foundation, telling recipients to install an anti-spam and donation tool. Their computers were then infected by the Trojan HaxDoor.RMS.w32, which installs itself in C:\WINDOWS\SYSTEM32 and sends your passwords to its creators, but only after you have read through and accepted the GNU General Public License and checked the README file for known problems. The email also included full source code.

Swedish police traced the attacks to Russia by looking at the contact details, including address and phone number, included in the README. They have filed over 100 bugs on the creators' SourceForge project and joined the mailing lists on the grass-roots marketing and publicity site SpreadHaxDoor.com.

A Nordea spokesman said the attacks have "quietened down" after the initial influx last Autumn. "We are constantly looking at the security of our online banking and many different measures are taken. We are updating our systems behind the scenes. Many already run on enterprise Linux distributions, but we will be moving desktops to Linux as well for more efficient funds transfer with less reverse engineering required, and may recommend that our customers do the same."

The Trojan only affects computers running Windows. "For unsupported platforms, we have an 'honor system' which gives our details so you can send some money in," said a spokesman for the hacker group. "We hope this will help and encourage contributors interested in porting the Trojan to other operating environments."

Photo: The penis on the 2 Eurocent coin [wikia.com] .

I'm confused... (0)

Anonymous Coward | more than 2 years ago | (#39007307)

every related article I've ever seen on this site talks about how governments at all levels REFUSE to even consider OSS - what's changed?

do the TSA's strip search machines run Linux?

Waiting (0)

Anonymous Coward | more than 2 years ago | (#39008127)

Can't wait for the CUDA and OpenCL virus packages.

Windows Anti-Virus 2015 Supercomputer Edition

Beware the effect of stories like this on public (0)

Anonymous Coward | more than 2 years ago | (#39008215)

Controversy and "negative" stories like this tend to stick in folks' minds. Once, when I told an acquaintance of some years that I worked on Linux they asked if I was a criminal because they'd heard that criminals use Linux. So, as much as these stories are true, be wary of folks who trumpet them because they may be trying to tar-and-feather your community.

Nuclear Weapon Research is using FOSS too (0)

Anonymous Coward | more than 2 years ago | (#39008921)

That's a bit worse than malware.
