In old times, a citadel was a fortress used as the last line of defense. For cyber criminals it is a powerful and state-of-the-art toolkit to both distribute malware and manage infected computers (bots). Citadel is an offspring of the (too) popular Zeus crimekit, whose main goal is to steal banking credentials by capturing keystrokes and taking screenshots/videos of victims' computers.

Citadel came out circa January 2012 in the online forums and quickly became a popular choice for criminals. A version of Citadel (1.3.4.5) was leaked in late October and, although it is not the latest (1.3.5.1), it gives us good insight into what tools the bad guys are using to make money. In this post, I will show you how criminals operate a botnet. This is not meant as a tutorial, and I do want to stress that running a botnet is illegal and could send you to jail.

In order to get into business, the bad guys need a server that is hosted at a company that will turn a blind eye to their activities and also guarantee them some anonymity. Such companies are called Bulletproof hosting and can be found in most underground forums (Figure 1). Those hosting firms are for the most part located in countries like China or Russia, and therefore in their own jurisdiction, where so long as you don't commit crimes against your own people not a whole lot can happen to you. To cover their tracks even more, the bad guys use proxy or VPN services that disguise their own IP address.

Once set up with a server, it is time to install what will be the mastermind program to create and organize an entire array (botnet) of infected computers worldwide. A variety of crimekits exist, but in this post we will concentrate on Citadel. Once again, the core installation files can be found in the underground community or through your own connections. Recently, the Citadel kit was withdrawn from forums to prevent too much exposure and attention. Figure 2 shows what the package looks like. It costs around $3000 USD. An instruction manual in both Russian and English is provided.

The kit requires server software such as Apache, and PHP with a MySQL database, to work properly. To install Citadel, you simply browse to the install folder with your browser (Figure 3) and set up the main access username and password as well as database information.