AhnLab Announces the Full Analysis of Citadel Malware
- Collects comprehensive information from infected PC, including banking and
SEOUL, South Korea -- November 26, 2012
AhnLab, Inc. (KRX:053800)(http://global.ahnlab.com), a leading provider of
integrated security solutions today announced the full analysis of Citadel
malware, the latest generation of banking information-stealing malware.
The most famous banking-targeted malware before Citadel was Zeus and SpyEye
Trojan. After the source code of Zeus went public in 2011, Citadel is emerged
as the most dominating malware with enhanced malicious functions.
According to AhnLab, Citadel has many things in common with Zeus. It creates
and manages the botnet, a collection of internet-connected computers those are
infected with malware. It is designed to collect personal information from
infected PCs including online banking information, web browser credential and
SNS account data. The malware also delivers ransomeware and scareware from
attacker in attempts to extort money directly from victims.
In terms of info-stealing, Citadel surpasses Zeus. Both malwares collect and
leak basic information of infected PC, including OS information, data of web
browser in use, system time, and user admin name before they steal banking
credential. Citadel, in addition to the basic information, leaks more
comprehensive information of infected PC including domain information of local
network, the list of data base servers, network configuration information and
homepage setting information. With these information gathered, the attacker
can design more targeted threats.
Citadel is provided in a Software-as-a-Service (SaaS) model, as it has its own
store, and customers can manage the malware from creation to maintenance. The
store offers the Citadel builder, botnets paying in monthly basis, update
service, a test to avoiding AV and many other features. It indicates a recent
trend of the cybercrime ecosystem.
AhnLab’s AOS provides integrated and multi-layered transaction security
against comprehensive security threats. With its four primary components
including AOS Secure Browser, a dedicated security browser that creates a
protected environment for online transactions, AOS Anti-keylogger, AOS
Firewall and antivirus, prevent confidential data loss through this kind of
advanced and targeted attack from sophisticated malware such as Zeus, SpyEye
and Citadel. After the full analysis of Citadel malware, AhnLab keeps working
on analysis of possible Citadel variants.
AhnLab’s AOS is selected by the several world’s most famous banks including
Citibank Korea, Banamex, Banco Santander in Mexico and Cornerstone Community
Bank in US.
Changmin Song, +82.31.722.7563
Press spacebar to pause and continue. Press esc to stop.