Remote Admin Tools May Not Be Clever Enough For Their Own Good

ancientribe writes "A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back."

Unbelievable, software has bugs too

[invisibl3]

Unbelievable, software has bugs too

Re:Unbelievable, software has bugs too

[Grayhand]

Unbelievable, software has bugs too

Probably a bad idea authoring spyware in Flash.

Re:

[fuzzywig]

It's worse than that, they used Delphi. (Seriously!)

news for nerds?

[dutchwhizzman]

I'd say nerds were aware of these flaws a long time ago. They chose not to make the whole world aware of this, since it helped catch criminals that continued to used these tools. this is probably only news for the criminals using the tools, which will probably mean that catching them will be more difficult in the future.

Re:news for nerds?

[Psychotria]

I'd say nerds were aware of these flaws a long time ago. They chose not to make the whole world aware of this, since it helped catch criminals that continued to used these tools. this is probably only news for the criminals using the tools, which will probably mean that catching them will be more difficult in the future.

Judging from the amount of comments thus far (about 7) I think that this "story" surely has to rate as one of the biggest in /.'s history. The lack of comments, to me, indicates that the entire population of nerds across the world are dumbfounded by the article's revelation and that they are collectively lost for words to express their dismay.

Re:news for nerds?

[Fnord666]

Judging from the amount of comments thus far (about 7) I think that this "story" surely has to rate as one of the biggest in /.'s history. The lack of comments, to me, indicates that the entire population of nerds across the world are dumbfounded by the article's revelation and that they are collectively lost for words to express their dismay.

Judging from the amount of comments thus far (about 7) I think that this "story" got posted in the late evening / early morning on a non work day. Timing is everything.

Re:

[RoknrolZombie]

Not having anything worthwhile to say seldom prevents /.ers from saying it anyway.

Did you ever read the stainless steel rat series?

[way2trivial]

in one of the books, when he explains himself, he describes himself as a stainless steel rat, because the 'game' between law enforcement/technology vs. crooks has advanced to the point where very few criminals have successful careers due to the degree of ability required. A hell of an analogy, keeps in line with what you describe...

doesn't mean catching them will be more difficult, only that the cutting edge will mean those who are very deft will succeed.
Script kiddies will fall by the wayside, hopefully

Re:

[KFK - Wildcat]

Or it may make people afraid of developping / running these tools.

slow day?

[ruir]

Where are the news? Next thing, a couple of college interns will discover there are honeypots and *gasp* honeynets too.

Re:

[Anonymous Coward]

Where are the news? Next thing, a couple of college interns will discover there are honeypots and *gasp* honeynets too.

Yeah this is slashdot so college interns won't be discovering sexual relationships. ;)

There's a book which covers this

[Anonymous Coward]

If you're interested in this king of thing, Pick up "Aggressive network self-defence" It's a really interesting book full of stuff like this.

Re:

[Anonymous Coward]

Hurry up, tell them! They surely can't be aware of this gaping security hole, then they would never connect unprotected sensitive systems to a global network .

First off...

[bmo]

There is a difference between a remote administration tool and a remote administration trojan. While the difference may seem technical, it matters. The summary confuses the two and the article doesn't seem to differentiate the two well enough.

Secondly, remote admin trojans are "good enough" and don't need to be perfect. Taking into account savvy users is not productive with so many dumb users out there. And in some cases, as we've seen in the past, simply calling someone up on the phone and talking them into installing a legitimate product like GoToMyPC or Teamviewer or any of the dozens of similar tools is good enough.

The people who are victims of remote admin trojans and "Hello $DUMBASS, please install Teamviewer" aren't exactly the ones who are running an active defense against malware anyway. They're not going to be "fighting back" until it is far too late, if at all.

Getting into the meat of the article, there is a lot of bloviating about how weak RATs are. This is only a temporary state. But the funniest thing in the article is this phrase: "some of the tools included cut-and-pasted code from various sources, he says." Duh. That's how most programmers work, in a broad sense. What the fuck does the author think a library is?

--
BMO

When you fire a gun at someone...

[BitterOak]

...that kind of gives away your location.

Re:

[antdude]

Even with silent types?