News Advanced Threats
The 5 Coolest Hacks Of 2012
Nothing was sacred -- the nation's airspace, home power meters, videoconferences, and, in an ironic twist, popular cybercrime tools
4. RATs With Bugs
Remote access Trojans/tools -- a.k.a. RATs -- are a cybercriminal's best friend. These remote administration tools help bad guys spy on and wage targeted attacks. A pair of interns for Matasano Security discovered that some popular RATs can actually be exploited to help turn the tables on the attackers behind them.
DarkComet, Bandook, CyberGate, and Xtreme RAT, which are used to exploit victims, can be exploited themselves, according to Shawn Denbow of Rensselaer Polytechnic Institute and Jesse Hertz of Brown University, both undergraduate computer science students now in their senior year. The researchers found that the RATs contain flaws common in mainstream software, such as SQL injection, arbitrary file reading, and weak encryption.
More Security Insights
White PapersMore >>
RATs typically conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing. But it turns out these tools can be just as vulnerable as the systems they target. "This shows that it is possible, and that it's not hard, to pick apart attacker tools and come up with proactive defenses against them," says John Villamil, senior security consultant with Matasano, who was Denbow and Hertz's adviser for the project. "If nothing else, it can help forensics companies analyzing traffic from compromises ... and help build tools that analyze these Trojans, and provide signatures [to detect them]."
At a time when offensive defense is becoming the new battle cry, the concept of poking holes in black hat tools is attractive. But hacking back remains taboo.
The researchers released homegrown tools that decrypt RAT traffic and proof-of-concept exploits for the bugs they found. Most RATs include weak encryption, or no encryption at all, they found.
"The people using those tools either don't realize how weak they are, or they don't care," Villamil says. The bottom line is that RATs are powerful cyberespionage and other persistent attack tools.