
    Earlier this week the US government announced the arrest of more than 100 individuals linked to the Blackshades remote access Trojan (RAT). While most of those arrested were merely users of this RAT, the arrests included its co-creator, a 24-year-old Swede named Alex Yücel. Also arrested was a 23-year-old American named Brendan Johnston, who was involved in marketing the RAT to various hacker forums and provided support to “customers”.

    Blackshades was sold as a toolkit, which was used to create the actual malware, detected as WORM_SWISYN.SM. The actual capabilities of the malware itself are fairly similar to other RATs: it can steal keystrokes and passwords, launch denial-of-service attacks, and download and run malware onto the affected system. It can also be configured by the attacker to spread via USB drives, if desired.

    Blackshades, however, is particularly infamous for being used by would-be stalkers and other such unsavory elements to spy on women. Blackshades allows the remote attacker to turn on the victim PC’s microphone and/or webcam. It’s not the first malware family to include this behavior, but it appears to be one of Blackshades’ most commonly used “features”.


    Figure 1. The Blackshades remote access trojan’s UI

    The scale of the arrests—rarely have so many cybercriminals been arrested in one go—is entirely due to Blackshades’ ease of use. It was easy to acquire; it had its own easily accessible website with its own domain (now seized by the FBI).

    There were relatively few barriers to entry (in contrast with, say, the Russian underground, where it is not always easy to earn the trust of would-be sellers of malware). The damage the users of Blackshades caused was real, but that was not necessarily because they were particularly skillful.

    This was both good and bad. The relative lack of skill (and caution) by Blackshades users not only meant that law enforcement was able to apprehend them, but it also means that the barriers to entry are sufficiently low that anyone can now be a cybercriminal should one want to do so.

    This case should serve as a warning to all would-be low-level cybercriminals: law enforcement has the capability and willingness to go after cybercriminals of all capabilities and skills, and you are not too far from the long arms of the law.

    Trend Micro protects users from this threat by detecting the created RATs, as well as blocking the main site that sold Blackshades.

     








     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice