Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

DarkComet May be Gone – But Not Forgotten by its Victims

Earlier this week, SecurityWeek detailed the shutdown of the DarkComet project by its creator, because his works were used to attack protesters in Syria. The RAT had an interesting lifespan, and it was used in several attacks, according to Arbor Networks.

Jean-Pierre Lesueur, who was responsible for bringing DarkComet to life, said that DarkComet was developed and given away for free, as long as people didn’t use it for malicious purposes.

Earlier this week, SecurityWeek detailed the shutdown of the DarkComet project by its creator, because his works were used to attack protesters in Syria. The RAT had an interesting lifespan, and it was used in several attacks, according to Arbor Networks.

Jean-Pierre Lesueur, who was responsible for bringing DarkComet to life, said that DarkComet was developed and given away for free, as long as people didn’t use it for malicious purposes.

“…because of the misuse of the tool, and unlike so many of you seem to believe I can be held responsible of your actions, and if there is something I will not tolerate is to have to pay the consequences for your mistakes and I will not cover for you,” Lesueur explained, commenting on the laws that hold developers of security tools responsible for their misuse. “The law is how it is and I must abide by the rules, yes its unfortunate for devs in security but that’s how it is.” 

In addition to being used to attack Syrians, DarkComet was also used as a tool to target governments, where the attacker seemed to have used the Remote Access Trojan (RAT) to test redirecting government traffic online. Another example is its use on gamers, as DarkComet was found targeting players of Runescape, likely to create a botnet for DDoS attacks.

“DarkComet is very popular RAT and is actively developed and widely used. It can be difficult to determine the motive of the attacker, however sometimes there are enough traces left over that can help us piece together the potential goals of a campaign,” Arbor’s Curt Wilson wrote.

“The real value of the RAT to the attacker is the core remote control functionality that breaches the confidentiality and integrity of the victim and the victim network by allowing the attacker full access to the target system.”

Arbor’s post on the topic is an interesting read, given that they were using the passwords, server IDs and Command & Control infrastructure of the various DarkComet campaigns to track their usage.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack