How serious can a malicious software infection be these days? Short answer = Very. The video below is a 16 minute answer to that question using pictures of what a malware infection looks like to the bad guy who manages to get a RAT installed on a victim machine. That’s R.A.T. for Remote Access Tool which is one of the most popular categories of “crimeware” being deployed by cybercriminals today. (Update 6/1/2012: Some RATs may be modular in design and possess espionage capabilities highlighted by media coverage of the malware known as Flame, Flamer, or sKyWIper (detected by ESET as Win32/Flamer.A)).
In the video I take a closer look at one example, DarkComet RAT, the capabilities of which include using the victim’s webcam and microphone to spy on them. This capability was recently added to another piece of modular, point-and-click malware–SpyEye–as described in a recent story in PC World. (Update 7/12/2012: The author of DarkComet RAT has stopped supplying or updating the software, partly because of its “abuse” by the Assad regime in Syria.)
The video is an expanded recording of a slide presentation I gave several times at Interop in Las Vegas earlier this month and includes a description of the role that antivirus software can play in defeating this type of malware. After the presentations I had numerous requests for copies of the slides from people who wanted to use them in their own security awareness programs. I was happy to oblige because I think that seeing these pictures will have more impact on employees and executives than reading yet another article that merely states: “malware infections are to be avoided because they can compromise data.” That statement is true but sometimes you need to see something to take it to heart.
Note that ESET products detect SpyEye as Win32/Spy.SpyEye and Dark Comet RAT as Win32/Fynloski. If you think your Windows computer is infected with either of these pieces of malware or any other malicious code or spyware you might want to scan it with ESET’s Free Online Scanner.