Ukrainian Man Arrested by the Cyber Police for Infecting More than 2000 Computers

A Ukrainian man, aged 42, who was charged for infecting more than 2000 computers all across 50 countries has been caught by the Ukrainian police. The Ukrainian man infected the computers with DarkComet RAT (Remote Access Trojan). The man has been arrested after the police entered into his residence in Western Ukraine's city - Lviv with a search warrant.

In 2008, DarkComet was released for the first time. DarkComet was advertised initially as a remote administration toolkit that was legitimate. Malware developers quickly adopted the tool as it has got intrusive spying capabilities, thus making it a famous RAT within few months. Jean-Pierre Lesueur, a software developer from France, is the tool's author. In 2012, Lesueur has stop developing the tool further as it became clear that the tool was used largely by the cyber criminals to perform various cybercrimes.

While searching the suspects' residence, the police have seized a laptop that was infected with malware along with a PC. Preliminary examination of hardware was conducted by the Cyber Police Specialists. They found one panel administering access to the infected computers, files to install malware, along with the screenshots taken from the infected victims' computers.

Ukrainian National Police's press service said on the morning of November 23, 2018, that "cyber police officers conducting a pretrial investigation uncovered a crime committed by a 42-year-old resident of Lviv region. The man installed a Trojan virus administration program on his computer and modified it to send out client versions of the virus".

The specialists of the cyber police analyzed this malware and concluded that the virus had the capability to provide complete remote access to the computers, including possibility of downloading as well as uploading files, installing and uninstalling the programs, managing autoloading along with services, taking screenshots of the remote computer, remotely administering register, and intercepting sound coming through microphone and videos from both built-in as well as external cameras.

DarkComet virus, in addition, contained a keylogger (to record the buttons that are pressed), a network utility tools package, a communication buffer monitoring device, and a mechanism which can remotely turn off and restart a computer that has been infected. The program used the back-connect - i.e., it initiated connection with administering PC.

The cyber police of Ukraine suggested the users to screen their devices to check for the virus.

» SPAMfighter News - 12/3/2018