Syria Conducting Cyber-espionage on Dissidents’ PCs; F-Secure
According to security company F-Secure, the government of Syria is apparently using spyware, delivered through Skype, to infect activists' computers and quietly monitor their activities.
Researchers from the company stated that a hard drive they had earlier obtained through a source held an image of a computer belonging to an activist in Syria whom local officials had targeted.
The activist's computer had been infected during a Skype conversation. The conversation was started from a fellow activist's PC. Curiously, that fellow activist was already in police custody, which raises the question of how he could have initiated the chat.
F-Secure, which conducted an investigation, found that the infection began with a file named MACAddressChanger.exe that arrived on the activist's computer via the chat. Rather than altering the system's hardware Media Access Control (MAC) address to help it evade certain security software, the file installed another file, silvia.exe, which contained a backdoor known as 'Xtreme Remote Access Tool' or 'Xtreme RAT.'
Describing this RAT, Chief Research Officer Mikko Hypponen of F-Secure stated that it was capable of viewing an end-user's computer screen, monitoring his keyboard entries, and activating the webcam and microphone, all remotely, as well as gaining access to data on the LAN (Local Area Network) in addition to data on the first PC itself. Furthermore, the tool was even capable of reaching shared files and folders stored in Dropbox, Hypponen added. Techweekeurope.co.uk published this on May 4, 2012.
The RAT backdoor carried out its malicious tasks from the IP address 188.8.131.52. That address lies in an IP block belonging to the government-controlled STE (Syrian Telecommunications Establishment). Hypponen added that his organization was sure that this was a targeted attack on the activist's PC.
The rise in the number of Syrian activists is connected with the Arab Spring, a wave of massive protests across Middle Eastern countries. The current revolt in Syria, which started in January 2011, is one of them.
In conclusion, targeted computer attacks aren't new in Syria. During 2012 itself, the Electronic Frontier Foundation (EFF) cautioned Syrian computer users about personalized attacks that could dupe them via fake Adobe Flash Player updates distributed through phony YouTube web pages.
» SPAMfighter News - 14-05-2012