Full Disclosure mailing list archives
DarkComet - syrian revolution trojan analysis and author interview
From: "Adam Behnke" <adam () infosecinstitute com>
Date: Wed, 21 Mar 2012 10:36:17 -0500
On February 17th CNN published an interesting article in which some opponents of the Syrian regime claimed that the government was using a Trojan to monitor and disrupt the protestors' network. Apparently the regime has been using a well-known social engineering technique: impersonate a trusted person, then attack from the inside. It is not possible to confirm the story, but this is what is being told by the opponents of the regime: apparently one of the protestors was brought to jail and promptly forced to hand over his passwords. Those passwords were later used to access his Skype account and infiltrate the network of protestors, spreading via chat a program containing some malicious code. In other cases the same file was delivered as a Facebook Chat security update, together with a Facebook icon, while some other people claim that it was also sent by mail. Whatever the means, the common sign among all the stories is that this file, after being opened, simply did nothing, and even the antivirus didn't complain at all.

What follows is an in-depth analysis of the Trojan as well as an interview with the author of the RAT:

http://resources.infosecinstitute.com/darkcomet-analysis-syria/