Home page logo

fulldisclosure logo Full Disclosure mailing list archives

DarkComet - syrian revolution trojan analysis and author interview
From: "Adam Behnke" <adam () infosecinstitute com>
Date: Wed, 21 Mar 2012 10:36:17 -0500

On February 17th the CNN published an interesting article, where some
Syrian's regime opponents claimed that the government was using a Trojan to
monitor and disrupt the protestor's network. Apparently the regime has been
using a well-known social engineering technique: impersonate a trusted
person then attack from the inside. It is not possible to confirm the story
but this is what is being told by the opponents of the regime: apparently
one of the protestors was brought to jail and promptly forced to hand over
his passwords. Those passwords were used later on to access his Skype
account and infiltrate the network of protestors, spreading via chat a
program containing some malicious code. In other cases the same file was
delivered as a Facebook Chat security update, together with a Facebook icon,
while some other people claim that it was also sent by mail. Whatever the
means, the common sign among all the stories is that this file, after being
opened, did simply nothing and even the antivirus didn't complain at all. 

What follows is an indepth analysis of the Trojan as well as an interview
with the author of the RAT:


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • DarkComet - syrian revolution trojan analysis and author interview Adam Behnke (Mar 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]