Security Experts:

DarkComet RAT Pulled by Developer

The developer for DarkComet, a Remote Access Tool (Trojan), has pulled the application and ended development. The tool’s less than stellar reputation, as well as legal concerns, were listed as two of the main reasons for the project’s abrupt conclusion.

Jean-Pierre Lesueur, the one responsible for bringing DarkComet to the masses, said that he toiled away at DarkComet for years and offered it freely in exchange for one thing - that those using it would do so responsibly. However, clearly that rule wasn’t followed; and so DarkComet is no more.

Last month, SecurityWeek reported on the EFF’s findings that DarkComet was being used to target Syrian activists. DarkComet was linked to similar attacks online in Syria in May too. Something that Lesueur was less than pleased about.

Laws being passed across the globe, which hold developers accountable for the damage that their security tools do in the wrong hands, also led to DarkComet being taken down. For example, in June the developer of the Blackshades RAT was arrested, but unlike DarkComet – that tool was intended to be malicious from the start.

“...because of the misuse of the tool, and unlike so many of you seem to believe I can be held responsible of your actions, and if there is something I will not tolerate is to have to pay the consequences for your mistakes and I will not cover for you. The law is how it is and I must abide by the rules, yes its unfortunate for devs in security but that’s how it is,” Lesueur explained.

While Lesueur’s letter seems genuine – and perhaps he is upset that his tool has to go in order to save his own skin – it isn’t forgotten that he developed something that was easily implemented, controlled, and scaled. It was designed for one reason only; remote access to systems.

If he is a serious about information security as he claims to be, then Lesueur knew that this tool could be abused. Syria is a perfect example of this. Yet, despite all of this, he released it anyway.

DarkComet may have started out as something useful and meaningful to the world of security, but ask the protesters in Syria where a road paved with good intentions can lead.

A copy of DarkComet’s removal statement is here

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.