RATs And A Fun Manager in Botnets

I get quite a few people coming up to me and saying, “I went to Shodan the other day for our systems, and I was shocked!”. One of the scariest things for most people is that someone could remotely access their computer and see their desktop, and even control their hardware. This is the scary world of RATs (Remote Administration Tools), where the good side of remote administration is turned to an evil side.

Very few things can hide from Shodan, and a quick search for botnets shows that the DarkComet botnet comes top, with Turkey, USA and Russia hosting a good deal of the infrastructure:

DarkComet builds the other botnets such as ZeroAccess and njRAT — where RAT is Remote Administration Tool.

DarkComet was developed by Jean-Pierre Lesueur and created in 2008. One of its main features is a Graphical User Interface (GUI), which allows the user to access systems remotely (such as for key-logging, password cracking and screen capture). It even includes a “Fun Manager” where the intruder can “play” with the target:

Can you imagine someone hiding your desktop while you are using the computer, and then opening and closing your CD drive? Underneath, though, there are far more sinister things happening, and once there’s a RAT on your machine, you basically lose all control over it.

There are many more sinister things about DarkComet, especially in that it allows applications to be uninstalled, including those for virus and email scanning. We can see here that the RAT provides the intruder with a list of installed applications, and the provision to uninstall them:

But its ability to connect through a remote desktop and take control of the user’s screen is perhaps its most sinister application:

This includes the ability to take over the mouse and keyboard functions.