McAfee, a prominent security firm, has reported that hackers are mimicking the techniques of open-source software groups, learning from the methods that contributed to the success of Linux and Apache to enhance their malware.
This is most prominently illustrated by the rapid increase in “bot” software, which hackers often use to gain control over users’ computers. Dave Marcus, the Director of Security Research and Communication at McAfee’s Avert Labs, stated that unlike past viruses, “bot” software is typically authored by a group of individuals collaborating and using the same tools and techniques as open-source programmers.
He said: “Over the past year and a half, we have discovered that ‘bot’ software is developed using open-source tools and following open-source software development methodologies.”
The current generation of “bot” software has grown large enough that open-source development tooling is a natural fit for it. For instance, the authors of the Agobot malware use the Concurrent Versions System (CVS), an open-source version control system, to manage a project comprising hundreds of source code files.
McAfee researchers described how malware authors adopt these open-source techniques in a newly published journal released on July 16. Named Sage, the inaugural issue of this journal features a cover story titled “The Price of Open Source Progress”. Marcus mentioned that McAfee plans to publish an issue of Sage every six months.
He indicated that McAfee aims to draw public attention to this trend of malware authors adopting open-source methods in order to educate users, and that it has no intention of discrediting open-source software. He remarked: “We believe that open-source antivirus products are excellent. We’ve never really compared them directly to our own products, but we’ve always been the most enthusiastic supporters of open-source antivirus software.”
However, Marcus disagrees with certain security experts who disseminate samples of malware. He stated: “We are not attacking open-source activities; we are discussing the concept of full disclosure and how it can be exploited to develop malware.”
Not all security experts share Marcus’s viewpoint. Stefano Zanero, the CTO of Secure Network SRL, argues that full disclosure serves legitimate researchers and helps software companies respond more swiftly. He stated: “Research is conducted based on publicly available information, not on secrets.”