Citadel Trojan is a highly dangerous computer infection that has regained the attention of malware researchers as new attacks have been launched against European and Japanese institutions. Until now, the Trojan, a variant of the well-known Zeus malware, has been used for stealing personal information such as banking login data. Now Citadel Trojan is targeted at financial institutions.
It has been estimated that there are approximately 300 different variants of Citadel, which have struck different countries, institutions and even particular cities. The range of targeted entities varies greatly, as Citadel Trojan has been used to infiltrate the computers of healthcare organizations, manufacturing, oil and industry companies and even educational institutions.
Prevention measures are of vital importance, as Citadel Trojan can collect anything from the victimized computer. The Trojan gets access to various applications and collects information, which is sent to remote attackers. The threat has tampered with the internal computing systems in 27 Japanese government offices, 43 Polish government offices and other institutions in Denmark, Spain, the Netherlands, Czech Republic, Estonia, and Sweden, even though the attack control servers are known to be located in the United States. It is also known that Citadel has affected more than 1,000 victims in total.
One more difference between this Citadel Trojan and the earlier version of Citadel is the verse of Shakespeare that is inserted within the malware binary code. The group of attackers was dubbed the Poetry Group, and it is believed to be of English origin.
The analysis of 300 samples of the Trojan suggests that Citadel Trojan has been chosen as a tool for a data-gathering operation ordered by a private clientele.
Researchers point out that it is important to be familiar with the users of a network and that monitoring the circulation of data is crucial. Moreover, a lot of attention should be paid to patch management so that updates do not introduce new security issues. Therefore, a reliable and powerful spyware removal tool is essential in order to prevent malware attacks and espionage.