Malware being distributed through eBay-style marketplace


Open source malware now accounts for as much as 10% of the overall malware marketplace as criminals cotton on to the many benefits of adaptable code.

The approach worked for many Internet start-ups in the past, which used a freeware model that allows people to sample their best wares and improve upon them.

Now malware writers are apparently also turning to open source as a means of popularising their code. And it's not just a clever way of getting the code out into the wider web - it's also a tactical manoeuvre that offers better updates and gets it into the hands of the bad guys quicker.

A Symantec researcher quoted by CNET estimates open source malware to make up as much as 10% of the entire malware scene.

But it might be more than just 'giving it away.' Nigel Hedges is a Technical Services Manager at security firm Kaspersky Lab and he views the rise of open source malware as part of the transition from malware written by hobbyists, to the criminal enterprise it now is.

Hedges believes that by going open source, malware vendors are seeking new methods to improve their code by giving it away initially and offering more advanced features, add-ons and code improvements for sale later on down the track; a move that could eventually mean money for the most dominant malware providers.   

"Where once virus writers wrote for the pure challenge and satisfaction of having an impact on other people's resources, the malware writers of today are more organised. They write for the purpose of making money", Hedges said.

"There is an underground malware economy, (and) some sites are very "eBay" in their design and approach. From these sites you can purchase and even rent malware kits."

This isn't the first time open source malware has appeared. The CNET report also notes the open source releases of the Limbo Trojan in 2007 and the Cult of the Dead Cow's (cDc) first open source move in 1999, with its 'Back Orifice' Trojan.

The eBay-style marketplace for malware is rather advanced, says Hedges. "You can also obtain malware management software to control the variety of Trojans, backdoor kits and other zero-day exploit code. The more stealthy and unknown the malware kits are, the most expensive they are", he told us.

By going open source, more machines can be infected and it all adds up to being "a very solid return on their investment" for the malware writers, says Hedges.

But with open source malware code so easily attainable, that also makes it easier for the security vendors to get direct access to the code and guard against such attacks. Kaspersky Lab, for example, uses the Kaspersky Security Network (KSN) which "utilizes information feeds from customers about the types of threats they are receiving at their infrastructure", according to Hedges. 

