More-and-more Utilization of ‘Blackshades’ Occurring, Reports Symantec

Symantec the security company has found that cyber-criminals are utilizing one RAT (remote access tool) named 'Blackshades' in increasing instances, since the malware's source code got revealed in 2010.

The Blackshades malware that the security company detected as "W32.Shadesrat," collects credentials along with passwords of users whose computers it infects and transmits the information to its malevolent C&C (command-and-control) servers. The operation that has gained momentum has induced a probe into the central command-and-control servers, which deal with Blackshades' latest infections.

Among the different credentials W32.Shadesrat targets, Web services, e-mail services, File Transfer Protocol (FTP) clients, and IM (instant messaging) programs are included. The kind of details may be relevant for spammers seeking fresh e-mail credentials; hackers attempting at constantly carrying out security breaches; and cyber-crooks seeking specified details for exfiltrate purposes.

Security Response Engineer Santiago Cortes of Symantec said that during the security company's investigation, it was determined that almost each of the C&C servers had supported attack toolkits sometime or the other, while till the time when BlackHole attack toolkit's and Cool attack toolkit's authors were arrested, the latter had become greatly widespread, published scmagazine.com dated November 25, 2013.

The toolkits attempted at exploiting various security flaws within vulnerable PCs for running malevolent payloads so as to contaminate the systems, Cortes continued.

Additionally the expert said that since the almost complete disappearance of Cool and BlackHole toolkits, Neutrino emerged as the fresh, most preferred toolkit for cyber-criminals employing Blackshades.

Elsewhere Cortes remarked that the UK, the U.S., and India were the countries with the maximum PCs contaminated with Blackshades, published pcworld.com dated November 25, 2013.

He added that from the threats' range of targets, it seemed that the cyber-criminals tried contaminating the maximum possible computers, without really targeting particular individuals else organizations.

Earlier in 2013, an authorization for utilizing Blackshades cost USD 40-USD 100 per annum, according to Symantec.

Meanwhile, during June 2012, Electronic Frontier Foundation a digital advocacy organization disclosed that Blackshades was getting spread through IMs from compromised A/Cs on Skype for secretly monitoring Syria's anti-government activists through screenshot and keystroke logger type of spying mechanisms.

» SPAMfighter News - 12/2/2013