It’s not the end of the world: DarkComet misses by a mile

From Botnets.fr


Botnet: DarkComet
Date: 2012 / 16 March 2012
Editor/Conference: Arbor Networks
Link: http://ddos.arbornetworks.com/2012/03/its-not-the-end-of-the-world-darkcomet-misses-by-a-mile/
Author: Jeff Edwards

Abstract

This blog post is the fourth installment in our ongoing series of articles exploring the crypto systems commonly found in various DDoS malware families. Previous subjects have included Armageddon, Khan (now believed to be a very close “cousin” of Dirt Jumper version 5), and PonyDOS. Today we’ll be diving deep into the details of the DarkComet RAT’s crypto. Over the last several months, we have encountered a large number of unique DarkComet samples – over a thousand and counting. DarkComet, also known as Trojan.Fynloski, is primarily a general purpose remote access trojan (RAT). Its capabilities support quite an extensive laundry list of mischief, including but not limited to key logging, web cam (and sound card) spying, deleting victim files, scanning ports, hijacking MSN sessions, etc.

Bibtex

 @misc{2012BFR940,
   editor = {Arbor Networks},
   author = {Jeff Edwards},
   title = {It’s not the end of the world: DarkComet misses by a mile},
   date = {17},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://ddos.arbornetworks.com/2012/03/its-not-the-end-of-the-world-darkcomet-misses-by-a-mile/}},
 }