Open source model creates new cybercrime frontier

Model provides platform for cybercriminals to come together to share knowledge and develop new, advanced malware, more quickly and at lower costs, insiders warn.

A correction was made to this story. Read below for details.

Inspired by the success of the open source development model, criminals are creating similar community models and, in doing so, opening up a new avenue for malicious software and malware incubation, industry insiders warn.

Security firm Seculert, for one, wrote in a blog post in February about the creation of Citadel, a new variant of the Zeus Trojan. It was noteworthy because the developers created a social network that enabled other cybercriminals to suggest improvements and new features for the malware, report bugs, and discuss related issues with others in the community. This development may indicate that open source malware is the next evolution, it stated.

"The cybercrime world is characterized by rapid development, cutting-edge technology, and hackers' constant craving for recognition," Seculert wrote. "By looking at the developments in the software world, the open source model may be well accepted in the cybercrime ecosystem as well."

Open source links disparate cybercrime community
Vic Mankotia, vice president of security at CA Technologies Asia-Pacific, agreed with Seculert, explaining that the open source model is a "breeding ground" for malicious software incubation and provides structure, process and methodology to an otherwise disconnected and disparate community of criminals.

This development model enables cybercrooks to contribute updates, improvements and changes to toolkits that are used to deploy malware, viruses and phishing attacks, he elaborated.

Another security observer, Joseph Steinberg, CEO of Green Armor Solutions, highlighted open source malware as a growing problem, too. This is because criminals can leverage an open source-like model to create more advanced malware but with less time and effort, he noted.

Elaborating, he explained that the open source model has been successful for developing legitimate enterprise software because it leverages the benefits of pooled knowledge from the community. Similarly, criminals can now consolidate and share their knowledge in a community setting to rapidly develop more sophisticated malware, he said.

"It means that not only must computers, tablets and smartphones have security packages updated more frequently, the chances of corporations being hit with zero-day attacks and other forms of attacks in which security packages do not yet offer defenses against the attack are dramatically higher than in the past," Steinberg added.

Jason Pearce, Asia-Pacific sales engineering director at M86 Security, disagreed that the open source model will be accepted by the black hat community, though.

Open source refers to making software code freely available for everyone's use and with minimal support, he explained, and if this model were to be used by cybercriminals, it would lessen their ability to charge for malware toolkits. He noted that popular hacking tools such as Nessus had originally been open source, but were subsequently "protected" to ensure exclusivity and to generate revenue.

Additionally, by openly sharing the malware code and updates, the ability to launch new, unknown attacks is eliminated. To stay ahead of mainstream security vendors, cybercriminals have to keep a low profile, and this cannot be done by adopting the open source model, Pearce added.

Secure all fronts
Asked how companies can mitigate the possibility of increased malware risks, Steinberg advised companies to install Web-based security tools on all computers, including tablets and smartphones, and these tools must be frequently updated to fend off new threats. They should also enact "sensible" policies on Internet usage and how workers connect to the corporate network using their personal mobile devices, he added.

Pearce remarked that protection is no different from standard security best practices, which include a multi-tiered security approach to protect the network perimeter and endpoints, as well as the ability to protect against social engineering.

"Organizations must deploy malware-prevention techniques, ensure that configuration of their devices meets best practices, and regularly audit the environment to look for potential weaknesses," he said.

Correction: The original article reported that hacking tool nmap was no longer open source. However, the software's developer Gordon Lyon has clarified with ZDNet Asia that the tool is open source and the source code is available for download here.