The Citadel crimeware kit - under the microscope | Libertés Numériques |

Ever since the source code of the Zeus crimeware kit, also known as Zbot, was leaked onto the internet in May 2011, many new variants have appeared. These have typically added new features and improved on the old code.

One particularly prevalent example is Citadel.

At its core, Citadel works like the original Zbot. It comes as a kit that includes a malware builder tool and a collection of server-side components. The builder is used to create the bot malware (an EXE file) that is sent out to spread infection: