Message-ID: <07c501cd0778$5bcc0660$13641320$@com>
Date: Wed, 21 Mar 2012 10:36:17 -0500
From: "Adam Behnke" <adam@...osecinstitute.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DarkComet - syrian revolution trojan analysis and
	author interview

On February 17th CNN published an interesting article, in which some
opponents of the Syrian regime claimed that the government was using a
Trojan to monitor and disrupt the protestors' network. Apparently the regime
has been using a well-known social engineering technique: impersonate a
trusted person, then attack from the inside. It is not possible to confirm
the story, but this is what is being told by the opponents of the regime:
apparently one of the protestors was brought to jail and promptly forced to
hand over his passwords. Those passwords were later used to access his Skype
account and infiltrate the network of protestors, spreading via chat a
program containing some malicious code. In other cases the same file was
delivered as a Facebook Chat security update, together with a Facebook icon,
while some other people claim that it was also sent by mail. Whatever the
means, the common sign among all the stories is that this file, after being
opened, simply did nothing, and even the antivirus didn't complain at all.

What follows is an in-depth analysis of the Trojan as well as an interview
with the author of the RAT:

http://resources.infosecinstitute.com/darkcomet-analysis-syria/







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
