Slashdot Mirror

← Back to Stories (view on slashdot.org)

Syrian Government Uses Skype To Push Malware To Activists

Posted by Soulskill on from the call-was-coming-from-inside-the-internet dept.

judgecorp writes "The Syrian government is using Skype as a channel to infect activists' systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. 'The activist's system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called "Xtreme RAT." Xtreme Rat is a full-blown malicious Remote Access Tool.'"

5 of 139 comments (clear)

  1. Re:are people really this stupid by girlintraining · · Score: 5, Informative

    When the file comes from a trusted source, it's not stupid. You have to trust someone eventually; The OS manufacturer (ie, Apple, Microsoft, etc.), the distributor (the person making the DVDs), etc. Trusting a friend isn't stupid, it's what most people would do. That's exactly why so many different worms try to propagate using a person's address book; Human trust networks.

    It was only stupid that he didn't scan the file first, not that he accepted the download. And if said malware is custom-designed, it wouldn't be in any anti-malware/anti-virus definitions, and so he could do everything right and still wind up screwed. How many governments have asked that their malware not be added to the definition files again? ALL OF THEM.

    --
    #fuckbeta #iamslashdot #dicemustdie
  2. Bad Summary by Anonymous Coward · · Score: 5, Insightful

    "Syrian Government Uses Social Engineering To Push Malware To Activists."

    They could be using e-mail for the same thing. Or other IM channels that offer direct connect. Or Dropbox. Or any other channel.

    The clever bit is trying to convince people to download and run an unknown tool by impersonating someone they've imprisoned.

  3. Re:are people really this stupid by Lunix+Nutcase · · Score: 5, Insightful

    Because maybe he didn't actually know the person had been arrested to begin with? These political dissident arrests are not publically broadcasted, you know...

  4. EFF Published This Two Months Ago by headhntr · · Score: 5, Informative

    This F-Secure post is not news. The EFF wrote this up on March 5th: https://www.eff.org/deeplinks/2012/03/how-find-syrian-government-malware-your-computer-and-remove-it

  5. Re:are people really this stupid by Lunix+Nutcase · · Score: 5, Insightful

    I you trust no one you can never form any groups. You eventually have to trust someone. Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.