Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security IT

Author Kills DarkComet Spyware After Syria Uses It 50

judgecorp writes "DarkcoderSc (Jean-Pierre Lesueur) has ended the DarkComet Remote Access Tool (RAT) project, after it emerged that the Syrian government had used the software to spy on its opponents. The tool was also used to target Mac OS X systems last year."
This discussion has been archived. No new comments can be posted.

Author Kills DarkComet Spyware After Syria Uses It

Comments Filter:
  • Interesting. (Score:5, Interesting)

    by gcnaddict ( 841664 ) on Monday July 09, 2012 @06:46PM (#40597833)
    So this was... legal malware? Can someone clue me in on the history of this utility? As far as I can tell, this looks like proof-of-concept/research malware designed to be used for testing purposes, but that's the best I can gather.
    • Re:Interesting. (Score:5, Informative)

      by Ciccio87 ( 2101982 ) on Monday July 09, 2012 @07:06PM (#40597965)

      So this was... legal malware?

      Hacking / security testing software is legal, it's its usage that could be illegal.

      Can someone clue me in on the history of this utility? As far as I can tell, this looks like proof-of-concept/research malware designed to be used for testing purposes, but that's the best I can gather.

      It was a RAT (Remote Administration Tool, strict relative of a trojan horse), it could, in effect, be used for good purposes (or for learning purposes, but, without sources, the chanches for this are lesser), however yes, it was mainly a PoC and an exercise in style.

      [OT] However, old news is old.

      • So this was... legal malware?

        Hacking / security testing software is legal, it's its usage that could be illegal.

        not in Germany [slashdot.org]. Sigh, stupid politicians...

        • by gl4ss ( 559668 )

          well,

          what's the difference between carrier iq and "hacking software"? or between hacking software and nmap? between hacking software and remote desktop? it boils down only to how it is marketed and installation path.

    • As far as I can tell, this looks like proof-of-concept/research malware designed to be used for testing purposes, but that's the best I can gather.

      From what I can tell, this is a backdoor installer used by attackers that the author claims is actually something along the lines of proof-of-concept/research malware designed to be used for testing purposes, so as to avoid legal liability.

      • What legal liability? AFAIK the only restrictions on what code one can write and distribute involve encryption, encryption was (is?) considred a munition by most major nations, and therefore had/(has?) export restrictions applied to it. Code is simply a tool for making other tools, and aside from the encryption thing, none of it is illegal. What you do with those tools may or may not be legal.

        It boils down to how you approach the question, what is malware? If you think of that as a technical question tha
        • It boils down to how you approach the question, what is malware?

          However you want to define it, part of the definition is getting the software installed without the user knowing what, if anything, they're installing.

      • Comment removed based on user account deletion
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Authors of RAT's usually claim they are for legal uses only, only to be used on computers you are allowed access to. Claiming it is like a VNC server, even though they are straight up trojan horses. I don't know of any trojan author who has gotten into legal issues who wasn't also involved in viruses / worms / bot nets.

      • Re: (Score:2, Informative)

        So Windows RDT is a hack tool? What about all the remote administration that's done in corporate environments? My security team can remote into my computer at any time and view everything I'm doing... they can move files around, download stuff... whatever they'd like... all without me knowing a thing. Is that a trojan? I use a RAT to control remote PC on my network that just plays music on my porch. Is that a trojan? There's plenty of stuff this kind of thing is useful for that's not illegal.
    • Re:Interesting. (Score:5, Interesting)

      by davydagger ( 2566757 ) on Monday July 09, 2012 @08:10PM (#40598369)
      at this moment, there is no class of code that is illegal. Its completely legal to write malware, viruses, network security tools.

      Its only illegal if you use them against other people's computers. In fact most of the same tools used to break into computers are used to test security legimately, and many have even more diagnostic utilities.(wireshark, nmap, net cat, etc...)
    • So this was... legal malware? Can someone clue me in on the history of this utility? As far as I can tell, this looks like proof-of-concept/research malware designed to be used for testing purposes, but that's the best I can gather.

      Dark Comet was simply a very robust and functional Remote Admin Tool. You know, like Teamviewer or Logmein Pro or.... Take your pick.

      The thing is, it was free and it was totally customizable in how you compile the client side service. Meaning, you could make the runtime executable glom itself into explorer.exe or iexplore or whatever persistence method you wanted. It could automatically add itself to the registry in different ways to guarantee it running.

      Also it reportedly could respond well to having the s

  • Or am I missing something here?
  • This in the article worries me: "Symantec said that any closures of [remote administration tool] projects were a positive thing, especially if the creators were compelled to do so by the threat of prosecution." So are GoToMyPC, LogMeIn, and SSH considered terrorist tools now?
    • Re: (Score:3, Interesting)

      by Anonymous Coward

      So are GoToMyPC, LogMeIn, and SSH considered terrorist tools now?

      No, you fucking idiot. But nice strawman since the person you quoted said nothing about terrorism.

      • by tepples ( 727027 )

        Author Kills DarkComet Spyware After Syria Uses It

        the person you quoted said nothing about terrorism.

        I'll grant that that particular quote does not mention terrorism, but the article mentions Syria, and Syria is one of the four remaining countries on the United States' list of State Sponsors of Terrorism [wikipedia.org].

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          So your logic is: if Syria = Terrorism and Syria = (RAT) , there for (RAT) = Terrorism?

          • by murdocj ( 543661 )

            So your logic is: if Syria = Terrorism and Syria = (RAT) , there for (RAT) = Terrorism?

            I'm rescuing the parent post from being modded to oblivion since it hits the nail right on the head.

  • I don't get it... (Score:3, Insightful)

    by ettusyphax ( 1155197 ) on Monday July 09, 2012 @10:21PM (#40599035)
    So he shut the project down ostensibly because the Syrian government was using it to spy on citizens or whatever. "Misuse of the tool" being his words. Okay yeah that sucks but what did he expect people to use it for? Monitoring their baby's computer to make sure it doesn't choke on the keys? Shutting it down now as opposed to before when it was never used for nefarious ends? Seems like a pile of BS to me. More likely he shut it down because of legal threats now that he's on the radar - as is not-so-subtly implied by the article.

    You made a bomb "for educational purposes" and then gave it away. Don't pretend like you're on some moral high ground when it goes off in someone's face and your name shows up in the newspaper.
  • More developers should have the balls and control to do this. Kudos. But i have watched BBC.Panorama.2012.Homs.Journey.into.Hell. So you could say i am a bit biased. Burn that asad guy at the stake! war criminal beyond belief.

    http://kat.ph/bbc-panorama-2012-homs-journey-into-hell-576p-x264-aac-hdtv-t6239795.html [kat.ph]

  • Kind of like the noble hooker of Hollywood lore, abandoning her nefarious deeds for the good of humanity. Thank you, mon frere! Of course, it would've worked out great had you not started the project in the first place.

  • It's all fun and games until someone loses an eye. Or resistance movememt.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...