You dirty RAT! part 2 – BlackShades NET

Jump to navigation Jump to search

(Publication) Google search: [1]

You dirty RAT! part 2 – BlackShades NET
Botnet BlackShades, DarkComet
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2012 / 15 juin 2012
Editor/Conference Malwarebytes
Link (Archive copy)
Author Adam Kujawa


Last week we talked about the Remote Administration Trojan DarkComet and all the wonderful and scary things it can do. In response to the twitter post announcing the blog, the author of DarkComet tweeted an answer to my big bold question:

“Considering that this is a Remote Administration Tool, to be used for good and what not….WHY DOES IT HAVE DDOS FUNCTIONALITY!?”

His answer was that he typically uses it for “Performing tests on his personal network to make sure it can protect against those kinds of attacks.” To simplify the answer, it’s like he built a bomb in order to see if his house was explosion-proof. He isn’t lying, it is possible to test your own defenses with such a weapon. I will leave it up to you, the reader, to decide whether or not that is a good enough reason to include the capability to perform Distributed Denial of Service attacks in his software.


 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1042,
   editor = {Malwarebytes},
   author = {Adam Kujawa},
   title = {You dirty RAT! part 2 – BlackShades NET},
   date = {Error: Invalid time.},
   month = Error: Invalid time.,
   year = {2012},
   howpublished = {\url{}},