Open source development is an approach to the design, development, and distribution of software, offering practical accessibility to the software’s source code. The open source approach claims to have several benefits and advantages compared to a more closed approach to source development.
Some of these benefits are:
Immensely popular programs such as the Apache web server, the Firefox web browser, and the Linux operating system, to name just a few of the most famous, are results of open source collaborations.
The advantages of creating legitimate software through the open source approach are to some extent also present for malicious software.
Proof-of-concept source code with exploit examples has a long tradition of being published on the Internet. Recently, however, there has been a tendency toward more coordinated setups for developing malicious software using the open source technique.

This approach to developing malware obviously has the same advantages for criminals as it has for benign programmers developing useful computer programs. In addition to the gains mentioned above, we would like to point out that a malicious programmer may post program code which performs a particular task. This may be in an area where she has particular expertise, and that program code can be reused in several different pieces of malware. An example is program code that exploits a vulnerability in a particular program.
Seen from a malware author's point of view, the open source scheme also has its disadvantages. Some of these are:
When the malicious source code is (more or less) publicly available, it may also be available to those who create security software (like antivirus products) aimed at detecting malware. The security software creators may make detection signatures for malicious open source code, with the potential to catch all malware that utilizes that particular source. This technique is, for example, refined in Norman's DNA Matching technology.
The clever malware creator of course knows this. To hide the fact that she is using open source code, she may use program packers and make minor alterations in the source. Nevertheless, malware detection is easier when (parts of) the source is known to the security software vendors.
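The following added example (not from the original article, and not Norman's DNA Matching) sketches why minor source alterations do little against a signature built from known code: identifiers and constants are normalized away and overlapping token runs are compared. It assumes the sample is available as unpacked, C-like source text; all function names and sample snippets are constructed for illustration.

```python
import re

# C-like keywords are kept; every other identifier collapses to "ID", so
# renaming variables or functions does not change the token stream.
KEYWORDS = {"int", "char", "unsigned", "void", "for", "if", "return"}
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*|\d+|[^\s\w]')

def normalize(source):
    """Tokenize and abstract away identifiers, numbers and string literals."""
    out = []
    for tok in TOKEN_RE.findall(source):
        if tok[0] == '"':
            out.append("STR")
        elif tok[0].isdigit():
            out.append("NUM")
        elif (tok[0].isalpha() or tok[0] == "_") and tok not in KEYWORDS:
            out.append("ID")
        else:
            out.append(tok)
    return out

def shingles(source, k=5):
    """Set of all runs of k consecutive normalized tokens."""
    toks = normalize(source)
    return {tuple(toks[i:i + k]) for i in range(len(toks) - k + 1)}

def containment(known, sample, k=5):
    """Fraction of the known code's shingles that also occur in the sample."""
    sig = shingles(known, k)
    return len(sig & shingles(sample, k)) / len(sig) if sig else 0.0

# Constructed, harmless stand-in for a published snippet.
KNOWN = """unsigned checksum(char *buf, int len) {
    unsigned sum = 0;
    for (int i = 0; i < len; i++) { sum = sum * 31 + buf[i]; }
    return sum; }"""
# Constructed variant: renamed, constants changed, a statement added, i++ rewritten.
VARIANT = """void banner(void) { puts("hello"); }
unsigned h(char *p, int n) {
    unsigned acc = 7; int unused = 0;
    for (int k = 0; k < n; k += 1) { acc = acc * 33 + p[k]; }
    return acc; }"""
# Constructed unrelated code; shares only generic boilerplate with KNOWN.
UNRELATED = """int max(int a, int b) { if (a > b) { return a; } return b; }
void swap(int *x, int *y) { int t = *x; *x = *y; *y = t; }"""

if __name__ == "__main__":
    for name, sample in (("variant", VARIANT), ("unrelated", UNRELATED)):
        print(name, round(containment(KNOWN, sample), 2))
```

The unrelated sample still scores slightly above zero because generic fragments such as a closing brace followed by a `return` are shared by most C-like code, which is why a match is decided against a threshold rather than on any overlap.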
To some extent the creators of malicious software compete with each other. There are several examples of "malware wars", in which one piece of malware deliberately shuts down another.
Since the motivation behind current malware creation is financial gain, one may view the malware creators as competitors in the same market. And as in any other market: one attempts to hide one's competitive advantages, like a particularly clever twist used in a malicious program.
On the other hand, this market is huge, and it may be that rational players in the market have realized that the gain obtained in collaboration is less than the loss.
There is, however, another observation worth mentioning with respect to the market. This has to do with the market for malware itself. Pieces of malware are sold and bought.
A person with malicious intent may actually purchase her own tailored malware on the Internet. She may select different modules that she wants to include in her piece of malware and get exactly the functionality she wants.
This market will obviously suffer when the "commodities" available are freely obtained in the open source market.
If one considers malware as products, the markets are getting increasingly similar to the markets for legitimate products and services (and like other illegitimate markets).
The players in the markets will act the same way as players in ordinary market places.
Consequently, as in the market for developing legitimate software, in the foreseeable future we may expect that there will be two different approaches to developing illegitimate software:
Both approaches have their advantages and disadvantages. So far neither has established itself as the superior technique for software development, all aspects considered.