Slashdot Mirror


Remote Admin Tools May Not Be Clever Enough For Their Own Good

ancientribe writes "A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back."

21 comments

  1. Unbelievable, software has bugs too by invisibl3 · · Score: 5, Funny

    Unbelievable, software has bugs too

    1. Re:Unbelievable, software has bugs too by Grayhand · · Score: 5, Funny

      Unbelievable, software has bugs too

      Probably a bad idea authoring spyware in Flash.

    2. Re:Unbelievable, software has bugs too by Anonymous Coward · · Score: 0

      yeah man, like, if we knew that malware was often poorly written we would know to look for bad system performance and stability as a sign of malware/spyware/virus/trojan infection and stuff like that...

      no wait...

      maybe i think the article and the students are stupid...

    3. Re:Unbelievable, software has bugs too by fuzzywig · · Score: 1

      It's worse than that, they used Delphi. (Seriously!)

  2. news for nerds? by dutchwhizzman · · Score: 5, Insightful

    I'd say nerds were aware of these flaws a long time ago. They chose not to make the whole world aware of this, since it helped catch criminals that continued to use these tools. This is probably only news for the criminals using the tools, which will probably mean that catching them will be more difficult in the future.

    --
    I was promised a flying car. Where is my flying car?

    1. Re:news for nerds? by Psychotria · · Score: 5, Funny

      I'd say nerds were aware of these flaws a long time ago. They chose not to make the whole world aware of this, since it helped catch criminals that continued to use these tools. This is probably only news for the criminals using the tools, which will probably mean that catching them will be more difficult in the future.

      Judging from the amount of comments thus far (about 7) I think that this "story" surely has to rate as one of the biggest in /.'s history. The lack of comments, to me, indicates that the entire population of nerds across the world are dumbfounded by the article's revelation and that they are collectively lost for words to express their dismay.

    2. Re:news for nerds? by Fnord666 · · Score: 3, Insightful

      Judging from the amount of comments thus far (about 7) I think that this "story" surely has to rate as one of the biggest in /.'s history. The lack of comments, to me, indicates that the entire population of nerds across the world are dumbfounded by the article's revelation and that they are collectively lost for words to express their dismay.

      Judging from the amount of comments thus far (about 7) I think that this "story" got posted in the late evening / early morning on a non work day. Timing is everything.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables

    3. Re:news for nerds? by BitZtream · · Score: 0

      Stories posted by timothy almost always have low counts, most people with a clue have ignored him on the front page. I only got caught because I wasn't logged in.

      He's a moron who posts ignorant crap so most of slashdot knows better.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

    4. Re:news for nerds? by KFK+-+Wildcat · · Score: 1

      Or it may make people afraid of developing / running these tools.

    5. Re:news for nerds? by RoknrolZombie · · Score: 1

      Not having anything worthwhile to say seldom prevents /.ers from saying it anyway.

  3. slow day? by ruir · · Score: 3, Funny

    Where are the news? Next thing, a couple of college interns will discover there are honeypots and *gasp* honeynets too.

    1. Re:slow day? by Anonymous Coward · · Score: 2, Funny

      Where are the news? Next thing, a couple of college interns will discover there are honeypots and *gasp* honeynets too.

      Yeah this is slashdot so college interns won't be discovering sexual relationships. ;)

  4. There's a book which covers this by Anonymous Coward · · Score: 5, Informative

    If you're interested in this kind of thing, pick up "Aggressive network self-defence". It's a really interesting book full of stuff like this.

  5. OOPS by geekspy · · Score: 0

    This may be a huge security concern for the companies who remotely accessed their servers.

    1. Re:OOPS by Anonymous Coward · · Score: 2, Funny

      Hurry up, tell them! They surely can't be aware of this gaping security hole, then they would never connect unprotected sensitive systems to a global network.

  6. First off... by bmo · · Score: 3, Insightful

    There is a difference between a remote administration tool and a remote administration trojan. While the difference may seem technical, it matters. The summary confuses the two and the article doesn't seem to differentiate the two well enough.

    Secondly, remote admin trojans are "good enough" and don't need to be perfect. Taking into account savvy users is not productive with so many dumb users out there. And in some cases, as we've seen in the past, simply calling someone up on the phone and talking them into installing a legitimate product like GoToMyPC or Teamviewer or any of the dozens of similar tools is good enough.

    The people who are victims of remote admin trojans and "Hello $DUMBASS, please install Teamviewer" aren't exactly the ones who are running an active defense against malware anyway. They're not going to be "fighting back" until it is far too late, if at all.

    Getting into the meat of the article, there is a lot of bloviating about how weak RATs are. This is only a temporary state. But the funniest thing in the article is this phrase: "some of the tools included cut-and-pasted code from various sources, he says." Duh. That's how most programmers work, in a broad sense. What the fuck does the author think a library is?

    --
    BMO

  7. Did you ever read the stainless steel rat series? by way2trivial · · Score: 1

    in one of the books, when he explains himself, he describes himself as a stainless steel rat, because the 'game' between law enforcement/technology vs. crooks has advanced to the point where very few criminals have successful careers due to the degree of ability required. A hell of an analogy, keeps in line with what you describe...

    doesn't mean catching them will be more difficult, only that the cutting edge will mean those who are very deft will succeed.
    Script kiddies will fall by the wayside, hopefully in large numbers..

    --
    every day http://en.wikipedia.org/wiki/Special:Random

  8. When you fire a gun at someone... by BitterOak · · Score: 3, Insightful

    ...that kind of gives away your location.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?

    1. Re:When you fire a gun at someone... by antdude · · Score: 1

      Even with silent types?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).

    2. Re:When you fire a gun at someone... by Anonymous Coward · · Score: 0

      ...that kind of gives away your location.

      No it doesn't. They might be able to determine the direction, but not the distance.