I Smell a RAT
Written by Dave Smith   
Sunday, 30 May 2010 22:29

I often find myself trying to explain the dangers of trojan backdoors like Poison Ivy to people who don't work in the IT security field. There are so many misconceptions out there about the threat and how widespread and commonplace it actually is. Part of the reason it is so hard for them to understand the nature of the threat is the false belief that creating and distributing a backdoor takes some extreme amount of skill and effort, which users feel would be wasted in going after them versus "bigger" targets like financial institutions, government networks, or some other mystical/magical "them".

The truth, however, is much more alarming. It is not a case of a few exploits that must be used sparingly against a few high-profile targets. In fact, that's not how it works now anyway. The attackers aren't going after the institutions as much as they are the institutions' customers. Even though it is one-by-one, it is far more profitable, harder to prevent, and in some ways offers fewer ways to be caught. Zeus and all its infections are a great example of this.

It is also a myth that it takes an enormous amount of skill or effort to produce the trojans or payloads, or to engineer the attacks overall. In fact, it does not. The applications that create these malware instances are called RATs (Remote Administration Toolkits) and they are freely available with plenty of documentation and tutorials.

One more thing I don't think is widely understood is the capabilities these tools have. We are no longer talking about some nuisance virus that infects a few files on your machine and denies you access to some resources. We are talking about code that uses your computer to commit crimes, hack other machines, send spam and phishing attacks, and launch massive distributed denial-of-service attacks.

The attackers have access to your files, your connection, your webcam, microphone, the desktop/console itself, and anything you have access to when you physically sit in front of your computer. These criminals can and do spy on their victims, and not just in online transactions: through the use of the webcam and microphone, they connect real lives to online identities. Think of what you do or say around your computer, what you discuss with your family, what sensitive information is shared. Maybe the dates you will be out of town, or the name of the school your kids go to, or account numbers, socials, maybe a job description that tells the criminals what information you might have access to.

To drive the point home, NovCon has collected a number of videos on a few examples of these RATs from around the net and is providing them here, on novcon.tv. The purpose is not to instruct the bad guys on how to do this. Believe me, there are enough internet destinations to that end as it is. Instead, it is hopefully to open either your eyes, or the eyes of someone you know, to just how prevalent and pervasive this threat is, and how easy it is to carry out.

Below are just a few of these videos, organized by the toolkits they are about. One thing you should pay attention to: how young the voices are in some of the narrated videos.

Cerberus:

Dark Comet:

Spy-Net:

We hope you find this information useful and enlightening. This is why we fight.
The videos above are from a variety of sources online and do not in any way reflect the values, goals, ideals, opinions or views of NovCon Solutions LLC.

NovCon Solutions is more than happy to share what we've learned with your organization. If you are interested in having us speak to your group, please call 1.877.887.4041 extension 101.