- Apr 13, 2013
- 3,144
Those not familiar with RATs of this type may want to review Part 1 to follow.
Those Nasty RATS Part 2
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Sep 22, 2014
- 1,767
I would like to see VoodooShield in this test.
Tnx for video
Tnx for video
Thank you for sharing another great vid, Sis.
Nice to see both products working well *thumbs up*
Nice to see both products working well *thumbs up*
- Apr 13, 2013
- 3,144
For those looking for a career in Computer Security, understanding how RATs work can be very, very beneficial. Over the past few years many hacking groups will install RATs of varying type on innocent servers, then using these infected Servers as a platform to carry out an attack on the real target. Depending on the skill of the attack Group, the layers of innocent compromised Servers may be 3 or 4 deep in order to hide anyone from following the trail back to the Group, this exposing them. Just as a security application will look for evidence of compromise, so will the malware RAT look for evidence of detection on the initial Server. If such detection is in evidence, the other Server layers (termed Failsafers) can be cut out thus protecting the attackers.
A whole industry is currently under development that concerns itself with things like this, the best known being iSight, Area1 and Shape Security. catering to the Enterprise sector, annual protection contracts frequently exceed 1 million USD annually. Point being that their may be Gold in RATs for the right people.
A whole industry is currently under development that concerns itself with things like this, the best known being iSight, Area1 and Shape Security. catering to the Enterprise sector, annual protection contracts frequently exceed 1 million USD annually. Point being that their may be Gold in RATs for the right people.
- Jun 12, 2014
- 314
In this case you decided to run this manually in the Comodo sandbox. Yet most users would rely on the auto-sandbox. Wouldn't this malware be overseen by the auto-sandbox because of the certificate?
- Jun 21, 2014
- 1,044
This type of malware is from 2009/2010. I find it interesting that old techniques still work nowadays.
- Apr 17, 2016
- 36
- May 1, 2015
- 314
Nice video, but you have already used that music in the past .
.Excellent video, and that music is very therapeutic.
- Mar 15, 2011
- 13,070
@cruelsister: You got that point, RAT is already considered as espionage weapon from any institution to attack from their opponent. Honestly virtualization software is still new for some organization that they don't even know it is alternative than traditional approach.
- Apr 13, 2013
- 3,144
A few things:
1). Fleischmann- The reason I tested Comodo in this way was to lay the foundation for something more elaborate that will be seen in part 5, which will essentially be a video demonstration of data I sent them last December.
2). Kate- this sort of malware, signed and targeted, has in all probability been extent on certain servers for years and is still not detected. And as pointed out in Part 1, the technique is much, much older than 2009; but as long as IT "Pro's" remain ignorant to the threat it should work well into the future to the detriment of us all.
3). LC- The song sounds better in a warm bath with candles and a glass of wine.
4). James- Superb point. I've wanted so many times to smash some people in the head with a bat (not that I would do so, being kind and gentle) in order to wake them up to such threats. How many breaches must occur before there is a realization that traditional methods of security are antiquated?
1). Fleischmann- The reason I tested Comodo in this way was to lay the foundation for something more elaborate that will be seen in part 5, which will essentially be a video demonstration of data I sent them last December.
2). Kate- this sort of malware, signed and targeted, has in all probability been extent on certain servers for years and is still not detected. And as pointed out in Part 1, the technique is much, much older than 2009; but as long as IT "Pro's" remain ignorant to the threat it should work well into the future to the detriment of us all.
3). LC- The song sounds better in a warm bath with candles and a glass of wine.
4). James- Superb point. I've wanted so many times to smash some people in the head with a bat (not that I would do so, being kind and gentle) in order to wake them up to such threats. How many breaches must occur before there is a realization that traditional methods of security are antiquated?
- Dec 3, 2015
- 938
Thank you very informative series you have got going, the variety they have(cover a lot C++, Java, Python,VB, Perl) and tricks to avoid the modern AV technologies is just scary. Sandboxing and virtualization excel here.
- May 14, 2016
- 1,597
Last edited:
- Jul 3, 2015
- 8,153
I assume you had a good reason not to publicize the vendor whose name appears on this abused certificate.
As you mentioned, some security softs use a trusted vendors list.
Would you recommend keeping the trusted vendors list as short as possible, for instance, microsoft + google/mozilla + vendors of necessary hardware drivers?
As you mentioned, some security softs use a trusted vendors list.
Would you recommend keeping the trusted vendors list as short as possible, for instance, microsoft + google/mozilla + vendors of necessary hardware drivers?
Similar threads
