
Remote Admin Tools May Not Be Clever Enough For Their Own Good

Posted by timothy
from the come-into-my-parlor-said-the-spider-to-the-fly dept.
ancientribe writes "A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back."

  • by invisibl3 (1099225) on Saturday October 13, 2012 @04:55AM (#41640135)
    Unbelievable, software has bugs too
  • news for nerds? (Score:5, Insightful)

    by dutchwhizzman (817898) on Saturday October 13, 2012 @05:03AM (#41640143)
    I'd say nerds were aware of these flaws a long time ago. They chose not to make the whole world aware of this, since it helped catch criminals that continued to use these tools. This is probably only news for the criminals using the tools, which will probably mean that catching them will be more difficult in the future.
    • by Psychotria (953670) on Saturday October 13, 2012 @07:40AM (#41640539)

      I'd say nerds were aware of these flaws a long time ago. They chose not to make the whole world aware of this, since it helped catch criminals that continued to use these tools. This is probably only news for the criminals using the tools, which will probably mean that catching them will be more difficult in the future.

      Judging from the amount of comments thus far (about 7) I think that this "story" surely has to rate as one of the biggest in /.'s history. The lack of comments, to me, indicates that the entire population of nerds across the world are dumbfounded by the article's revelation and that they are collectively lost for words to express their dismay.

      • Re:news for nerds? (Score:4, Insightful)

        by Fnord666 (889225) on Saturday October 13, 2012 @09:56AM (#41641107) Journal

        Judging from the amount of comments thus far (about 7) I think that this "story" surely has to rate as one of the biggest in /.'s history. The lack of comments, to me, indicates that the entire population of nerds across the world are dumbfounded by the article's revelation and that they are collectively lost for words to express their dismay.

        Judging from the amount of comments thus far (about 7) I think that this "story" got posted in the late evening / early morning on a non work day. Timing is everything.

      • Not having anything worthwhile to say seldom prevents /.ers from saying it anyway.
    • in one of the books, when he explains himself, he describes himself as a stainless steel rat, because the 'game' between law enforcement/technology vs. crooks has advanced to the point where very few criminals have successful careers due to the degree of ability required. A hell of an analogy, keeps in line with what you describe...

      doesn't mean catching them will be more difficult, only that the cutting edge will mean those who are very deft will succeed.
      Script kiddies will fall by the wayside, hopefully

    • Or it may make people afraid of developing / running these tools.
  • slow day? (Score:3, Funny)

    by ruir (2709173) on Saturday October 13, 2012 @05:09AM (#41640151) Homepage
    Where are the news? Next thing, a couple of college interns will discover there are honeypots and *gasp* honeynets too.
    • Re: (Score:2, Funny)

      by Anonymous Coward

      Where are the news? Next thing, a couple of college interns will discover there are honeypots and *gasp* honeynets too.

      Yeah this is slashdot so college interns won't be discovering sexual relationships. ;)

  • by Anonymous Coward on Saturday October 13, 2012 @05:49AM (#41640263)

    If you're interested in this kind of thing, pick up "Aggressive network self-defence". It's a really interesting book full of stuff like this.

  • First off... (Score:4, Insightful)

    by bmo (77928) on Saturday October 13, 2012 @09:57AM (#41641115)

    There is a difference between a remote administration tool and a remote administration trojan. While the difference may seem technical, it matters. The summary confuses the two and the article doesn't seem to differentiate the two well enough.

    Secondly, remote admin trojans are "good enough" and don't need to be perfect. Taking into account savvy users is not productive with so many dumb users out there. And in some cases, as we've seen in the past, simply calling someone up on the phone and talking them into installing a legitimate product like GoToMyPC or Teamviewer or any of the dozens of similar tools is good enough.

    The people who are victims of remote admin trojans and "Hello $DUMBASS, please install Teamviewer" aren't exactly the ones who are running an active defense against malware anyway. They're not going to be "fighting back" until it is far too late, if at all.

    Getting into the meat of the article, there is a lot of bloviating about how weak RATs are. This is only a temporary state. But the funniest thing in the article is this phrase: "some of the tools included cut-and-pasted code from various sources, he says." Duh. That's how most programmers work, in a broad sense. What the fuck does the author think a library is?

    --
    BMO

  • by BitterOak (537666) on Saturday October 13, 2012 @02:16PM (#41642837)
    ...that kind of gives away your location.
