Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go
-->

Arbor Experts Reveal that Dark Comet RAT used to Target Gamers, Military and Government Sites

Security firm Arbor Networks analyzed the Dark Comet RAT software and confirmed that data from more than 400 campaigns suggests that the malicious program is being used for a wide range of jobs which is from attacks on online gamers to potential hacks of air force bases and government websites.

Threatpost.com published a report on 12th July, 2012 quoting Curt Wilson, security researcher at Arbor Networks stating "Dark Comet is being customized in mass to serve wide range of campaigns which leaves researchers to guess at the goal of the attack using clues like attacker's passwords, server IDs and file names."

Wilson looked at Dark Comet through the lenses of five different campaigns.

More than 4000 samples of RAT are there with the security firm but they have identified more appealing campaigns by studying the passwords, command and control(C&C) servers, and server IDs employed by them.

The first campaign seems to be more attractive and is the one which Dark Comet used "Boeing747@#Legacy123" as password. The C&C server's IP address indicated an area in South Africa that are claimed to be the prime location of the two Air Force bases.

The researchers hold the faith that the bases may be somehow related to the attack but could not determine the motives.

In yet another campaign, RAT was perhaps employed by someone to readdress government sites. Host files of infected machines discovered strings such as www.security.gov:74.208.130.89 and www.searchanddestroy.gov:74.208.130.89

The scenario demonstrates how the cybercriminals were replicating man-in-the-middle attacks and readdressing and the domains are bogus.

Run escape and other gaming communities are also equally been targeted by this tool.

Dark Comet exposed the ways in which attackers try to employ some tricky methods to keep away from detection.

Ddos.arbornetworks.com published a report on 11th July, 2012 quoting Wilson concluding that Dark Comet is very popular RAT which is developed and widely used. It is difficult to determine the motive of the attacker but sometimes traces of left over help us to find the goal of a campaign. RAT infection is very serious which requires an in-depth study to find the goals of the attacker and the level of risk it posed.

Related article: Airport Website Used To Attack NAB Customers

ยป SPAMfighter News - 23-07-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next