Last week we talked about the Remote Administration Trojan DarkComet and all the wonderful and scary things it can do. In response to the Twitter post announcing the blog, the author of DarkComet tweeted an answer to my big bold question:
“Considering that this is a Remote Administration Tool, to be used for good and what not….WHY DOES IT HAVE DDOS FUNCTIONALITY!?”
His answer was that he typically uses it for “Performing tests on his personal network to make sure it can protect against those kinds of attacks.” To simplify the answer, it’s like he built a bomb in order to see if his house was explosion-proof. He isn’t lying; it is possible to test your own defenses with such a weapon. I will leave it up to you, the reader, to decide whether or not that is a good enough reason to include the capability to perform Distributed Denial of Service attacks in his software.
Moving on, I know that I talked about how dangerous DarkComet was, and that while there were a lot of illegitimate uses for it, it was mostly designed as a network administration tool and therefore could be used for legitimate purposes. This week I am going to tell you about the opposite of DarkComet, a very powerful and very dangerous RAT known as BlackShades NET.
There are quite a few different types of RAT malware floating around in the wild right now that are used by people ranging from amateur hackers all the way up to cyber-crime organizations. DarkComet is one of them and BlackShades NET is another, more dangerous one.
BlackShades is a very powerful RAT which sports all the functionality of DarkComet and then some. It reaches its victims through a wide range of infection vectors; to name a few:
- Fake torrent downloads on peer-to-peer (P2P) sites
- Malicious links spread on social media sites (Facebook, Twitter, etc.)
- Malicious links spread in chat rooms
- Drive-by attacks
- Java exploits
- Spreading via hacked social media/chat accounts
- Phishing e-mails
This list applies to most methods of spreading RATs and malware in general.