Malware developers are gradually turning to open-source solutions in their work.
Increasing Threats
In the “Global Security Threat Report 2006”, security firm McAfee warns that an increasing number of hackers are freely sharing source code and ideas. This includes source code, technical documents, and even annotations on how certain code operates. With these materials, authors can easily modify and develop software in their own ways. As a result, global security threats are increasing.
McAfee emphasizes that this is a very effective way to develop various types of source code—both legitimate software and malware.
“Just like any other powerful tool, open source can also be used for malicious purposes—specifically in the field of security,” McAfee warns.
Open-source solutions and source code sharing are extremely convenient for “script kiddies,” individuals with limited programming knowledge, including of malware programming. They now find it easier to download documents and code snippets to develop new versions of malware.
The Open Virus Community…
Furthermore, McAfee’s report indicates that the trend of forming virtual communities or sharing information through IRC (Internet Relay Chat) channels is becoming increasingly prominent among virus programmers—especially those involved with organized cybercrime groups.
However, such groups find it very difficult to join open-source communities because they need to avoid attracting the attention of law enforcement.
The development of malware also follows a long-standing cycle in which code is developed, bugs are fixed, and then both beta and official releases are launched within the malware development community. This process is identical to the development process in legitimate open-source software communities.
“We can definitely say that open-source solutions have allowed them to create more effective and higher-quality attacks,” McAfee warns. “The trend today is group development.”
Hacking tools are also being created and distributed for free under the open-source model, McAfee notes. For example, versions of SDBot—a Trojan capable of opening a backdoor on infected systems—are actually an extension of the FU hacking toolkit. This tool can be found anywhere on the Internet. Moreover, McAfee states that if one takes the time, they can discover a wide range of other malicious tools online.
Meanwhile, very few virus authors “dedicate” time to creating and debugging an entirely new virus from scratch. Nowadays, hackers also operate like consultants, providing comprehensive guides when they decide to open the source code of their malware.
“This is a very effective solution for developing malware,” McAfee concludes.
Hoang Dung