Busting the Citadel Trojan developers

Brian Krebs recently reported about the Citadel developers getting busted by the FBI. What is most interesting is the bait that FBI used to trap them.

Citadel boasted an online tech support system for customers designed to let them file bug reports, suggest and vote on new features in upcoming malware versions, and track trouble tickets that could be worked on by the malware developers and fellow Citadel users alike. Citadel customers also could use the system to chat and compare notes with fellow users of the malware.

It was this very interactive nature of Citadel’s support infrastructure that FBI agents ultimately used to locate and identify Vartanyan, the developer of Citadel.