Arbor Experts Reveal that Dark Comet RAT used to Target Gamers, Military and Government Sites
Security firm Arbor Networks analyzed the Dark Comet RAT software and confirmed that data from more than 400 campaigns suggests that the malicious program is being used for a wide range of jobs which is from attacks on online gamers to potential hacks of air force bases and government websites.
Threatpost.com published a report on 12th July, 2012 quoting Curt Wilson, security researcher at Arbor Networks stating "Dark Comet is being customized in mass to serve wide range of campaigns which leaves researchers to guess at the goal of the attack using clues like attacker's passwords, server IDs and file names."
Wilson looked at Dark Comet through the lenses of five different campaigns.
More than 4000 samples of RAT are there with the security firm but they have identified more appealing campaigns by studying the passwords, command and control(C&C) servers, and server IDs employed by them.
The first campaign seems to be more attractive and is the one which Dark Comet used "Boeing747@#Legacy123" as password. The C&C server's IP address indicated an area in South Africa that are claimed to be the prime location of the two Air Force bases.
The researchers hold the faith that the bases may be somehow related to the attack but could not determine the motives.
In yet another campaign, RAT was perhaps employed by someone to readdress government sites. Host files of infected machines discovered strings such as www.security.gov:126.96.36.199 and www.searchanddestroy.gov:188.8.131.52
The scenario demonstrates how the cybercriminals were replicating man-in-the-middle attacks and readdressing and the domains are bogus.
Run escape and other gaming communities are also equally been targeted by this tool.
Dark Comet exposed the ways in which attackers try to employ some tricky methods to keep away from detection.
Ddos.arbornetworks.com published a report on 11th July, 2012 quoting Wilson concluding that Dark Comet is very popular RAT which is developed and widely used. It is difficult to determine the motive of the attacker but sometimes traces of left over help us to find the goal of a campaign. RAT infection is very serious which requires an in-depth study to find the goals of the attacker and the level of risk it posed.
Related article: Airport Website Used To Attack NAB Customers
» SPAMfighter News - 23-07-2012