Its developers created the malicious version of a social network

Jan 23, 2012 10:58 GMT

During his expeditions in the hacking underground, security researcher Brian Krebs came across Citadel, a new variant of the infamous bank-account-stealing ZeuS Trojan. Its developers mainly target customers who aren’t satisfied with the support offered by other malware providers.

“It’s no secret that the products in our field — without support from the developers — result in a piece of junk on your hard drive. Therefore, the product should be improved according to the wishes of our customers,” Citadel’s developers say in their advertisement.

“One problem is that you have probably experienced developers who ignore your instant messages, because there are many customers but there is only one developer,” they say.

Malware developers rarely make sure that the bugs in their products are patched and that their customers benefit from improved versions, and Citadel’s owners see this as a business opportunity.

This is why they offer a bug-reporting and suggestion mechanism via a ticketing system, allowing customers to file as many complaints as they want without going through the trouble of contacting the developer on IM channels.

Clients can also submit their own applications in what appears to be a social network specially designed for malware developers and customers.

For around $2,400 (1,700 EUR) plus a monthly fee, cybercriminals can purchase a Citadel package consisting of a bot builder and a botnet administration panel.

Among other cool features and add-ons that the Trojan’s creators offer, there is one that detects if the victim’s keyboard is Russian or Ukrainian. It’s known that hackers fear Russian authorities more than anything else because those authorities are known to track down and prosecute those who commit crimes in the virtual environment.

This is why this particular variant of ZeuS shuts itself down as soon as it detects the aforementioned keyboards.