Banking Malware: Sophistication Rises In Longtime Botnet Families


2. Citadel

Another extremely active botnet is Citadel, which shares many characteristics with Zeus. The botnet ranks second, producing 33 percent of the banking Trojan activity observed by Dell SecureWorks. The Citadel botnet was temporarily disrupted by authorities last year, but it is resurfacing. The researchers said the creators of the botnet have been active, adding features and other capabilities, such as strong encryption of communication pipelines from infected systems to the remote command-and-control server. The creators have also set up a crowdsourcing model so users can propose features. Citadel malware can also block access to security sites from the system it has infected, making it difficult to find information about removing the infection.