Your favorite malware authors: Now on Twitter!
If you want a preview of the next wave of malicious programs, there's now an easy way to keep tabs -- just follow the tweets
Who can keep up with the swarms of malware churned out by professional operations? The activities of smaller hacking groups, such as the one operated by TJX and Heartland hacker Albert Gonzalez, or state-sponsored hacking operations, such as the one believed to be responsible for the attacks on Google and other IT firms, are even more difficult to monitor.
The malware authoring community is more clubby than stealthy, but it has typically operated just below the surface, communicating through members-only listservs and Websites that aren't publicly accessible. But as Mikko H. Hyppönen at F-Secure points out, malware authors are increasingly willing -- if not eager -- to talk about what they're working on in a public forum.
Witness the phenomenon of the tweeting Trojan author @DarkCoderSc, a French hacker who has been updating his couple dozen followers since April on the progress of DarkComet RT, a remote administration tool (RAT) application he is developing. (Note: "Remote administration tools" are also referred to as "Trojans" when they're used for things other than "administration.")
The program itself, which is pre-release, hasn't yet been identified by the major antivirus companies, but DarkCoderSc promises that, when finished, it will have many features that should get it flagged as malicious, including keylogging, multithreaded upload/download, botnet functions, and remote capture and webcam streaming -- basically features that let you spy on infected systems. Using Twitter, you can keep up with the progress on DarkComet. A post from April updates us on work on the keylogger function, which DarkCoderSc said "works very well and get all the keys with special characters for all type of keyboard ;)" and on "persistence" in 32- and 64-bit environments.










