Virus writers use open-source methods  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  

Malicious software writers are increasingly using open-source methodologies when developing their code, according to security company McAfee.

In its Global Threat Report for 2006, McAfee warned that more hackers are sharing source code and ideas freely. This includes distributing source code with documented explanations and annotations of how that code works, which helps programmers adapt it.

McAfee said that this can be an extremely effective way of developing code, both legitimate and malicious.

"Like any powerful tool, open source can also be used for malicious purposes, particularly in security," McAfee said in its Global Threat Report for 2006.

"DoomJuice was a mass-mailer that distributed a copy of MyDoom. Maybe the author was proud of their skills being reused. It contained the documented source code of MyDoom, like a Lego kit with instructions," said McAfee UK security consultant Greg Day.

So-called script kiddies, who download easy-to-use malicious software from the Internet, have long been a reality. But McAfee's report claims that more virus writers, especially those involved in organized crime, are forming communities and typically share information over IRC (Internet Relay Chat) networks.

However, these groups are much harder to join than open-source software communities, as the malicious software writers try hard not to attract the attention of the authorities.

McAfee said that malicious software now has a long-term development cycle, with code being developed, bugs being fixed, and betas and final versions being distributed among the malicious software community in ways similar to those used in legitimate open-source communities.

"You could say open-source methodology allows them to build better-quality attacks," Day told ZDNet UK. "Today's news is group development."

Hacker tools are also created and distributed freely on an open-source model, according to McAfee. Versions of SDBot, a Trojan horse that opens a backdoor, included an add-in for an FU rootkit, a cloaking piece of software available on the Internet. McAfee claims it is possible to find documented copies of the FU rootkit online "if you hunt around." It is also possible to find documented copies of Morphine, a tool used by hackers to circumvent antivirus protection.

Day said that few virus writers are devoting time to coding from scratch and resolving bugs. Hackers are also acting as paid consultants--an enterprise also known as "patronage"--offering guidance once their source code has been opened.

"This is an effective methodology for ill-gotten gains," Day said. "If anything, this shows that open source is an effective way of coding--a good idea being used for bad intent."

Article submitted by: BigJim
Last Update: 07-17-2006
Category: Security

Print | E-mail

Current rating: 5.70 by 107 users
Would you recommend this article to a friend?

Not a Chance 12345678910 Absolutely

Re: Virus writers use open-source methods

By: lordz20 @ 08:11:53 : 08-17-2006

I would like to get to meet one of these guyS icon_twisted.gif

Please register or sign-in to post comments.

Related News Stories

(7,183 reads) 07-05-2008
 · Fusion Security
(13,190 reads) 06-02-2007
 · NukeSentinel(tm)2.5.10 Critical Update
(11,582 reads) 05-07-2007
 · NukeSentinel(tm) 2.5.08 Maintainance Release
(13,200 reads) 03-15-2007
 · NukeSentinel(tm) 2.5.07 Reissued: Critical Update
(11,660 reads) 03-02-2007
 · NukeSentinel(tm) 2.5.06: Critical Update
(12,398 reads) 01-23-2007
 · NukeSentinel(tm) 2.5.05 released
(12,402 reads) 12-24-2006
 · NukeSentinel 2.5.04 released
(12,206 reads) 11-03-2006
 · NukeSentinel(tm) 2.5.03 Released
(15,077 reads) 10-19-2006
 · Php Nuke 8.0 Patched
(12,272 reads) 10-01-2006
 · ipBan Modification