Information Security News mailing list archives

Popular RATs Found Riddled With Bugs, Weak Crypto


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 12 Oct 2012 07:39:12 -0500 (CDT)

http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240008942/popular-rats-found-riddled-with-bugs-weak-crypto.html

By Kelly Jackson Higgins
Dark Reading
Oct 11, 2012

RATs have bugs, too: New research shows that remote administration tools often used for spying and targeted attacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers.

A pair of interns for Matasano Security recently published their findings of vulnerabilities they discovered while reverse-engineering popular RATs, specifically DarkComet, Bandook, CyberGate, and Xtreme RAT. Shawn Denbow of Rensselaer Polytechnic Institute and Jesse Hertz of Brown University, both undergraduate computer science students now in their senior year, found that the RATs contain flaws common in mainstream software, such as SQL injection, arbitrary file reading, and weak encryption.

"This shows that it is possible, and that it's not hard, to pick apart attacker tools and come up with proactive defenses against them," says John Villamil, senior security consultant with Matasano, who served as Denbow and Hertz's adviser for the project. "If nothing else, it can help forensics companies analyzing traffic from compromises ... and help build tools that analyze these Trojans, and provide signatures [to detect them]."

Vulnerability research into attacker tools is rare, but not unheard of. "It's very rare to see this type of research," Villamil says.

[...]

