W32.Shadesrat (Blackshades) author arrested

From Botnets.fr

Botnet: BlackShades
Malware: Shadesrat
Date: 2012 / June 30, 2012
Editor/Conference: Symantec
Link: http://www.symantec.com/connect/blogs/w32shadesrat-blackshades-author-arrested (Archive copy)

Abstract

In a global sting operation carried out by the FBI, over 24 people have been arrested, including an individual named Michael Hogue, a.k.a. "xVisceral". According to an underground forum post, xVisceral is involved in the Blackshades project, at the very least as a project manager. It is likely, however, that this Remote Access Tool (RAT) is the work of more than one individual.

"MICHAEL HOGUE, a/k/a "xVisceral," offered malware for sale, including remote access tools ("RATS") that allowed the user to take over and remotely control the operations of an infected victim-computer. HOGUE's RAT, for example, enabled the user to turn on the web camera on victims' computers and spy on them, and to record every keystroke of the victim-computer's user. If the victim visited a banking website and entered his or her user name and password, the key logging program could record that information, which could then be used to access the victim's bank account. HOGUE sold his RAT widely over the Internet, usually for $50 per copy and boasted that he had personally infected "50-100" computers with his RAT, and that he'd sold it to others who had infected "thousands" of computers with malware. HOGUE's RAT infected computers in the United States, Canada, Germany, Denmark, and Poland, and possibly other countries." Source: United States Attorney's Office

The coder for the tool appears to be "MarjinZ". The source code for BlackShades was leaked in 2010 and both aliases appear in the chat server admin database.

Bibtex

 @misc{2012BFR1061,
   editor = {Symantec},
   author = {},
   title = {W32.Shadesrat (Blackshades) author arrested},
   date = {30},
   month = Jun,
   year = {2012},
   howpublished = {\url{http://www.symantec.com/connect/blogs/w32shadesrat-blackshades-author-arrested}},
 }