SOURCE: AhnLab, Inc.

AhnLab, Inc.

November 26, 2012 06:00 ET

AhnLab Issues Comprehensive Analysis of Citadel Malware

New ReportCollects Comprehensive Information From Infected PCs That Includes Banking/Network Credentials

SEOUL, SOUTH KOREA and SAN FRANCISCO, CA--(Marketwire - Nov 26, 2012) - AhnLab, Inc. (, a leading provider of integrated security solutions today announced the release of a comprehensive and complete analysis of Citadel malware, the latest generation of bank information-stealing malware that can affect business and personal online banking transactions alike.

In 2012, Citadel has emerged as the most dominating malware with enhanced malicious functions. The most famous banking-targeted malware before Citadel was Zeus and SpyEye Trojan.

According to AhnLab, Citadel has many things in common with Zeus. It creates and manages the botnet, a collection of Internet-connected computers that are infected with malware. It is designed to collect personal information from infected PCs including online banking information, Web browser credential and SNS account data. The malware also delivers ransomware and scareware from attacker in attempts to extort money directly from victims.

In terms of information theft, Citadel's abilities easily surpass those of Zeus. Both types of malware collect and leak basic information of infected PC, including OS information, Web browser usage, system time, and user admin name before they steal banking credentials. Citadel leaks more comprehensive information about the infected PC including domain information of local network, the list of database servers, network configuration information and homepage setting information. With this data acquired, the attacker can design more targeted threats.

Citadel is provided in a Software-as-a-Service (SaaS) model, and it has its own store so this malware can be managed the malware from creation to maintenance. The store offers the Citadel builder, botnets paying in monthly basis, update service, a test to avoiding Anti-Virus software and many other features. Citadel's model is indicative of the recent trend in the cybercrime ecosystem.

To get a copy of this report, go to or send email to

AhnLab's AOS provides integrated and multi-layered transaction security against comprehensive security threats. With four primary components including AOS Secure Browser, a dedicated security browser that creates a protected environment for online transactions, AOS Anti-keylogger, AOS Firewall and antivirus, AhnLab's AOS prevents confidential data loss through this kind of advanced and targeted attack from sophisticated malware such as Zeus, SpyEye and Citadel. After the full analysis of Citadel malware, AhnLab continues to research possible Citadel variants.

AhnLab's AOS is used by the several world's most famous banks including Citibank Korea, Banamex, Banco Santander in Mexico, and Cornerstone Community Bank in US.

About AhnLab

Headquartered in South Korea and with US HQ in San Francisco, AhnLab Inc. (KRX: 053800) develops industry-leading security solutions and provides professional services that are designed to secure and protect critical business and personal information. As a leading innovator in the information security arena for more than 20 years, AhnLab' s cutting edge products and services fulfilling the stringent security requirements of both enterprises and individual users.

AhnLab' s products and services include anti-virus solutions, network, mobile and online game security, security management and consulting services. Today, AhnLab boasts a network of sales and research operations in more than 20 countries worldwide.

For more information on AhnLab, go to or +1-866 666-3080

Contact Information

  • Media Contact:
    Dan Chmielewski
    Madison Alexander PR
    M: +1-949-231-2965
    Email Contact