
Remote Admin Tools May Not Be Clever Enough For Their Own Good

timothy posted about 2 years ago | from the come-into-my-parlor-said-the-spider-to-the-fly dept.

Security 21

ancientribe writes "A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back."


Unbelievable, software has bugs too (5, Funny)

invisibl3 (1099225) | about 2 years ago | (#41640135)

Unbelievable, software has bugs too

Re:Unbelievable, software has bugs too (5, Funny)

Grayhand (2610049) | about 2 years ago | (#41640269)

Unbelievable, software has bugs too

Probably a bad idea authoring spyware in Flash.

Re:Unbelievable, software has bugs too (1)

fuzzywig (208937) | about 2 years ago | (#41655541)

It's worse than that, they used Delphi. (Seriously!)

Re:Unbelievable, software has bugs too (0)

Anonymous Coward | about 2 years ago | (#41640901)

yeah man, like, if we knew that malware was often poorly written we would know to look for bad system performance and stability as a sign of malware/spyware/virus/trojan infection and stuff like that...

no wait...

maybe i think the article and the students are stupid...

news for nerds? (5, Insightful)

dutchwhizzman (817898) | about 2 years ago | (#41640143)

I'd say nerds were aware of these flaws a long time ago. They chose not to make the whole world aware of this, since it helped catch criminals that continued to use these tools. This is probably only news for the criminals using the tools, which will probably mean that catching them will be more difficult in the future.

Re:news for nerds? (5, Funny)

Psychotria (953670) | about 2 years ago | (#41640539)

I'd say nerds were aware of these flaws a long time ago. They chose not to make the whole world aware of this, since it helped catch criminals that continued to use these tools. This is probably only news for the criminals using the tools, which will probably mean that catching them will be more difficult in the future.

Judging from the amount of comments thus far (about 7) I think that this "story" surely has to rate as one of the biggest in /.'s history. The lack of comments, to me, indicates that the entire population of nerds across the world are dumbfounded by the article's revelation and that they are collectively lost for words to express their dismay.

Re:news for nerds? (3, Insightful)

Fnord666 (889225) | about 2 years ago | (#41641107)

Judging from the amount of comments thus far (about 7) I think that this "story" surely has to rate as one of the biggest in /.'s history. The lack of comments, to me, indicates that the entire population of nerds across the world are dumbfounded by the article's revelation and that they are collectively lost for words to express their dismay.

Judging from the amount of comments thus far (about 7) I think that this "story" got posted in the late evening / early morning on a non work day. Timing is everything.

Re:news for nerds? (2)

BitZtream (692029) | about 2 years ago | (#41641675)

Stories posted by timothy almost always have low counts, most people with a clue have ignored him on the front page. I only got caught because I wasn't logged in.

He's a moron who posts ignorant crap so most of slashdot knows better.

Re:news for nerds? (1)

RoknrolZombie (2504888) | about 2 years ago | (#41663931)

Not having anything worthwhile to say seldom prevents /.ers from saying it anyway.

Did you ever read the stainless steel rat series? (1)

way2trivial (601132) | about 2 years ago | (#41642049)

in one of the books, when he explains himself, he describes himself as a stainless steel rat, because the 'game' between law enforcement/technology vs. crooks has advanced to the point where very few criminals have successful careers due to the degree of ability required. A hell of an analogy, keeps in line with what you describe...

Doesn't mean catching them will be more difficult, only that the cutting edge will mean those who are very deft will succeed.
Script kiddies will fall by the wayside, hopefully in large numbers.

Re:news for nerds? (1)

KFK - Wildcat (512842) | about 2 years ago | (#41646723)

Or it may make people afraid of developing / running these tools.

slow day? (3, Funny)

ruir (2709173) | about 2 years ago | (#41640151)

Where are the news? Next thing, a couple of college interns will discover there are honeypots and *gasp* honeynets too.

Re:slow day? (2, Funny)

Anonymous Coward | about 2 years ago | (#41640295)

Where are the news? Next thing, a couple of college interns will discover there are honeypots and *gasp* honeynets too.

Yeah this is slashdot so college interns won't be discovering sexual relationships. ;)

There's a book which covers this (5, Informative)

Anonymous Coward | about 2 years ago | (#41640263)

If you're interested in this kind of thing, pick up "Aggressive network self-defence". It's a really interesting book full of stuff like this.

OOPS (0)

geekspy (2746149) | about 2 years ago | (#41640343)

This may be a huge security concern for the companies who remotely accessed their servers.

Re:OOPS (2, Funny)

Anonymous Coward | about 2 years ago | (#41640579)

Hurry up, tell them! They surely can't be aware of this gaping security hole, then they would never connect unprotected sensitive systems to a global network.

First off... (3, Insightful)

bmo (77928) | about 2 years ago | (#41641115)

There is a difference between a remote administration tool and a remote administration trojan. While the difference may seem technical, it matters. The summary confuses the two and the article doesn't seem to differentiate the two well enough.

Secondly, remote admin trojans are "good enough" and don't need to be perfect. Taking into account savvy users is not productive with so many dumb users out there. And in some cases, as we've seen in the past, simply calling someone up on the phone and talking them into installing a legitimate product like GoToMyPC or Teamviewer or any of the dozens of similar tools is good enough.

The people who are victims of remote admin trojans and "Hello $DUMBASS, please install Teamviewer" aren't exactly the ones who are running an active defense against malware anyway. They're not going to be "fighting back" until it is far too late, if at all.

Getting into the meat of the article, there is a lot of bloviating about how weak RATs are. This is only a temporary state. But the funniest thing in the article is this phrase: "some of the tools included cut-and-pasted code from various sources, he says." Duh. That's how most programmers work, in a broad sense. What the fuck does the author think a library is?

--
BMO

Summary confusing spyware and Remote Admin (1)

BitZtream (692029) | about 2 years ago | (#41641637)

Remote Admin Tools ...

Do not access the camera.
Do not do key logging.
Do not do password sniffing.

Those are NOT remote admin tools, those are spyware. There is no administrative reason to do those things. Doing them is flat out spying regardless of who is doing it. You might make the claim that those things are good for theft-recovery purposes, but they have no business being included in remote admin tools whatsoever.

When you fire a gun at someone... (3, Insightful)

BitterOak (537666) | about 2 years ago | (#41642837)

...that kind of gives away your location.

Re:When you fire a gun at someone... (1)

antdude (79039) | about 2 years ago | (#41644751)

Even with silent types?

Re:When you fire a gun at someone... (0)

Anonymous Coward | about 2 years ago | (#41646237)

...that kind of gives away your location.

No it doesn't. They might be able to determine the direction, but not the distance.
