The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at

Malware can be rapidly customized. How does that affect you? - BullGuard


Cybercriminals have their own social networks. But they only use them to talk about existing malware and how it can be improved to perform more evil tasks.


These social networks are, in fact, “open-source” platforms set up by malware writers who give their customers, fellow cybercriminals, the possibility to report malware malfunctions. They can also suggest “fixes” and new features that can overrule the security provided by basic antivirus software.


Malware that can evolve as a result of various cybercriminals’ collaborating on these platforms is known as “open-source” malware – the latest great challenge to web users’ antivirus protection. It’s also every hacker wannabe’s dream. Any ill-intentioned person with basic programming skills can modify the code of existing malware to create a new strain more suited to their needs. These needs depend, of course, on what they want to rob you off or what kind of malware attack they want to launch on your computer.


What does this mean exactly? More malware your way. With all the bad guys out there, an alarming number of new viruses, Trojans and worms can be developed at an incredibly fast pace. Without antivirus protection against the newest forms of malware, your computer security can be at high risk.



Open-source malware. The Citadel Case


The most relevant example of an open-source piece of malware is the Citadel banking Trojan. Its swift evolution and several strains stand proof that the future of malware creation is pretty bright and that of traditional antivirus software, pretty challenging.


When the source code of the mighty Zeus banking Trojan leaked in 2011, cybercriminals rushed to grab it and get their hands dirty. Many used it in its leaked form; others created new strains of it. Citadel, a dangerous Trojan with bot capabilities, is one of them. It was released in late 2011.


According to antivirus protection experts, its defining feature is the built-in social networking platform called the “Citadel Store”. The cybercrooks who purchase the licence to Citadel from fellow crooks have to go through a two-step authentication process to log in to the Citadel Store. Here they can report and fix programming issues, suggest/ request and vote on new features and modules.


Several versions developed on the open-source platform have already been used in malware attacks. They showed various malicious features and improvements like: highly secured configuration files; video-recording operations performed on the infected PC, whenever the victim goes to a particular website; blocking the access to websites offering antivirus protection; blocking botnet tracking services.



What to do to stay safe from fast evolving threats?


As with any successful business, malware creation and distribution relies on customer feedback and customer support. The emergence of a real-time, customer-driven and group-sourced malware market is a disturbing innovation for the antivirus protection industry. And it seems this is the new business trend on the online black market. How can you make sure you don’t become one of its victims?


  • Stay informed not only about the latest types of internet threats, but also about security updates that companies producing antivirus software come up with to counter them. You can make up a list of reputable security websites and articles and check it regularly.
  • Get an effective Safe Browsing tool to steer you clear of any malicious websites that may be infected with malware. BullGuard’s antivirus software comes with such a feature.
  • Install proactive antivirus software that can spot and remove even the newest forms of malware. BullGuard Antivirus 12 is powered by a state-of-the-art dual antivirus engine that brings together Signature-based Detection – technology which enables it to spot and remove already-known malware by how it looks – and Behavioural-based Detection – technology that enables it to catch as yet unknown malware by how it acts in your system.

Was this article helpful?