[<prev] [next>] [day] [month] [year] [list]
Message-ID: <07c501cd0778$5bcc0660$13641320$@com>
Date: Wed, 21 Mar 2012 10:36:17 -0500
From: "Adam Behnke" <adam@...osecinstitute.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DarkComet - syrian revolution trojan analysis and
author interview
On February 17th the CNN published an interesting article, where some
Syrian's regime opponents claimed that the government was using a Trojan to
monitor and disrupt the protestor's network. Apparently the regime has been
using a well-known social engineering technique: impersonate a trusted
person then attack from the inside. It is not possible to confirm the story
but this is what is being told by the opponents of the regime: apparently
one of the protestors was brought to jail and promptly forced to hand over
his passwords. Those passwords were used later on to access his Skype
account and infiltrate the network of protestors, spreading via chat a
program containing some malicious code. In other cases the same file was
delivered as a Facebook Chat security update, together with a Facebook icon,
while some other people claim that it was also sent by mail. Whatever the
means, the common sign among all the stories is that this file, after being
opened, did simply nothing and even the antivirus didn't complain at all.
What follows is an indepth analysis of the Trojan as well as an interview
with the author of the RAT:
http://resources.infosecinstitute.com/darkcomet-analysis-syria/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists