Earlier this week, SecurityWeek detailed the shutdown of the DarkComet project by its creator, because his works were used to attack protesters in Syria. The RAT had an interesting lifespan, and it was used in several attacks, according to Arbor Networks.
Jean-Pierre Lesueur, who was responsible for bringing DarkComet to life, said that DarkComet was developed and given away for free, as long as people didn’t use it for malicious purposes.
“…because of the misuse of the tool, and unlike so many of you seem to believe I can be held responsible of your actions, and if there is something I will not tolerate is to have to pay the consequences for your mistakes and I will not cover for you,” Lesueur explained, commenting on the laws that hold developers of security tools responsible for their misuse. “The law is how it is and I must abide by the rules, yes its unfortunate for devs in security but that’s how it is.”
In addition to being used to attack Syrians, DarkComet was also used as a tool to target governments, where the attacker seemed to have used the Remote Access Trojan (RAT) to test redirecting government traffic online. Another example is its use on gamers, as DarkComet was found targeting players of Runescape, likely to create a botnet for DDoS attacks.
“DarkComet is very popular RAT and is actively developed and widely used. It can be difficult to determine the motive of the attacker, however sometimes there are enough traces left over that can help us piece together the potential goals of a campaign,” Arbor’s Curt Wilson wrote.
“The real value of the RAT to the attacker is the core remote control functionality that breaches the confidentiality and integrity of the victim and the victim network by allowing the attacker full access to the target system.”
Arbor’s post on the topic is an interesting read, given that they were using the passwords, server IDs and Command & Control infrastructure of the various DarkComet campaigns to track their usage.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
