SMT Launches Cyber Attacks with Advanced BlackWorm

V3.co.uk reported on 29th August, 2014 stating that a hacker's group with codename 'The Syrian Malware Team' or SMT is apparently having links with the wicked Syrian Electronic Army (SEA) and is launching a several cyber attacks employing the infamous BlackWorm Trojan, actually a Remote Access Trojan.

Kyle Wilhoit along with Thoufique Haq, Threat Researchers with FireEye, revealed the cyber campaign and said that it is targeting with an advanced edition of the much-known attack tool.

V3.co.uk reported on 29th August, 2014 quoting them as saying "The SEA has been in the news for attacking high-profile communications sites, Forbes and a suspected assault on Centcom. The activities of Syrian Malware Team gone mostly unnoticed whereas attacks of SEA gained public attention. The activities of the group compelled us to take a nearer look and we discovered that this group is employing a .NET-based RAT dubbed BlackWorm to gain access to their targets."

BlackWorm is initially co-authored by Naser Al Mutairi of Kuwait (njq8) who is a hacker against whom Microsoft filed a lawsuit in June 2014 and it has become a common tool.

Many coders improved the BlackWorm when it was circulated among underground forums and reached the build which was used by Syrian Malware Team, 2.1.

According to researchers, Dark Edition is the name of this version and its builder has more control on built-in features enabling operators to easily turn on or off many functions as per their desire.

It gives options to propagate through many methods (USB, peer-to-peer, shortcuts, LAN) to prevent access to tools on the infected machine leading to anti-detection settings or disabling it. Also Binary output can be produced in several formats like .src, .exe and dll.

Last month, researchers of Kaspersky Lab found that cyber-attacks involving Syria is surging in terms of sophisticated organization with more than 10,000 users being affected by latest malware attacks. The victims of attacks belong to all over the world with countries like Saudi Arabia, Turkey, Palestine and Lebanon being struck most.

Securityweek.com reported on 1st September, 2014 quoting Ghareeb Saad, Senior Security Researcher of the Global Research & Analysis Team, Kaspersky as saying "Syrian malware is expected to attack both in quantity and quality".

» SPAMfighter News - 9/10/2014