Websense: Protect yourself from BlackShades RAT

Recently, a number of international law enforcement agencies raided the homes of hackers linked to BlackShades in several countries. Europol arrested an 18-year-old man on charges of infecting over 2,000 computers. His aim was to take pictures of women and girls undressing. While news of individuals being affected has made headlines, Alex Watson, director of security research, Websense, noted that BlackShades RAT can be turned against the enterprise as well.

BlackShades is a remote access Trojan (RAT). “Remote Access Trojans such as BlackShades are a toolbox for attackers that allow them to perform a variety of tasks from a single piece of malware, such as stealing information from compromised machines, bridging the attacker onto the network, or scanning the network for other vulnerable machines,” Watson explained.

What happens during an attack? “We often see the RAT being delivered to users via emails with malicious attachments, which can be Microsoft Office documents or Adobe PDFs that download and install the BlackShades RAT,” Watson said. “After being installed, the BlackShades RAT connects back to the attacker and allows them to perform a variety of operations on the victim’s computer, such as stealing documents, logging keystrokes and even activating a victim’s camera.”

Thus far, the attacks that have garnered the most media attention have been those against individuals. That does not mean that businesses are not at risk, though. Watson recommended that organizations take security precautions to protect themselves and their valuable data.

“A layered defense strategy is the best way to protect against threats such as Remote Access Trojans,” he commented. Emails containing infected attachments and links are often the culprit behind attacks, and they must be screened carefully. “This includes tools to automate inspection and analysis of links and files sent to users via email,” Watson remarked.

There are steps that are easy to implement but can have a large impact. “For small changes that can make a big difference, I recommend that organizations block executable attachments and archives (such as ZIP) that contain executables which may be malware,” Watson suggested. This measure can stop an attack before it even starts.
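As an illustration of the attachment-blocking measure described above, here is an added example (not Websense code) of a mail filter check that rejects executable attachments and ZIP archives containing executables. The extension list, the size and nesting limits, and all function names are assumptions chosen for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions treated as executable.
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".msi")
MAX_DEPTH, MAX_MEMBER = 3, 20 * 1024 * 1024  # assumed nesting and size limits

def is_executable(name: str, data: bytes) -> bool:
    """Flag by extension, or by the 'MZ' header that starts Windows PE files."""
    lowered = name.lower().rstrip(". ")  # ignore trailing dots/spaces in the name
    return lowered.endswith(BLOCKED_EXT) or data[:2] == b"MZ"

def scan_blob(name: str, data: bytes, depth: int = 0) -> list:
    """Return the reasons to block this file; an empty list means allow."""
    if is_executable(name, data):
        return [f"executable: {name}"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [f"archive nested too deeply: {name}"]
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            # Members that cannot be inspected safely are blocked, not skipped.
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                reasons.append(f"uninspectable member: {path}")
            else:
                reasons += scan_blob(path, zf.read(info), depth + 1)
    return reasons

def scan_message(raw: bytes) -> list:
    """Scan every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons += scan_blob(part.get_filename() or "unnamed", payload)
    return reasons

def build_sample(members: dict) -> bytes:
    # Constructed test input: an email with one ZIP attachment holding `members`.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Checking the file header as well as the name catches executables renamed to look like documents or images, and blocking encrypted archive members closes the gap where the filter cannot see inside.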

One of the most important defenses is neither software nor hardware; the front line is your employees. “Programs to train employees not to open attachments or links from suspicious emails can make a huge difference,” Watson pointed out. Education should be a vital part of a company’s security plan.

Unfortunately for companies and individuals alike, BlackShades RAT will most likely remain a powerful threat for some time to come. “BlackShades RAT’s source code has been available on the Internet for more than three years,” Watson stated. “As it’s based on the Visual Basic programming language, it’s likely quite easy for moderately skilled hackers to modify for their purposes. I expect that we will continue to see it used over time.” Websense’s director of security research does not have a completely bleak outlook, though. “Hopefully the recent actions from the FBI will make attackers think twice before continuing attacks,” Watson remarked.
