Technology Stocks : Off Topic (Every Day Technology)

 Public ReplyPrvt ReplyMark as Last ReadFilePrevious 10Next 10PreviousNext  
From: TimF11/30/2017 4:59:31 PM
2 Recommendations

Recommended By
J.F. Sebastian
Stock Puppy

  Read Replies (1) of 1461
Malware writer offers free trojan to hackers ... with one small drawback Beware of geeks bearing Cobian RAT gifts
By Iain Thomson in San Francisco
31 Aug 2017

Those looking on the dark web for malware capable of hijacking computers might have thought they were getting a bargain when a free trojan appeared on various online souks over the past few months.

The malware generator, dubbed the Cobian remote access trojan (RAT) by researchers at security shop Zscaler, is a fairly elemental bit of code and is based around the njRAT that surfaced around four years ago. It comes with all the usual bells and whistles – a keylogger, webcam hijacker, screen capturing and the ability to run your own code on an infected system.

But the Cobain RAT also has a secondary payload built in, hidden in an encrypted library. Once activated, it allows the original author of the malware to take control of any computers infected by the attack code and, if necessary, cut off the criminal who caused the infection in the first place.

"It is ironic to see that the second level operators, who are using this kit to spread malware and steal from the end user, are getting duped themselves by the original author," said Zscaler's advisory on Thursday. "The original author is essentially using a crowdsourced model for building a mega Botnet that leverages the second level operators' Botnet."

The secondary payload communicates with a preset page on Pastebin to get the current address of the command and control servers run by the original writer. But the malware checks first to see if the second level operator is online, in which case it keeps quiet to avoid detection.

It's likely the original author won't automatically cut off the second level operator for fear of alerting that person. Instead it's in the author's interests to encourage as many infections as possible and to run a massive botnet without the bother of distributing the malware necessary to build a zombie army...
Report TOU ViolationShare This Post
 Public ReplyPrvt ReplyMark as Last ReadFilePrevious 10Next 10PreviousNext  

Copyright © 1995-2018 Knight Sac Media. All rights reserved.Stock quotes are delayed at least 15 minutes - See Terms of Use.