

Syrian Malware Team found spewing 'Dark Edition' BlackWorm RAT

29 Aug 2014
Dark Edition BlackWorm more dangerous than ever

A hacker group believed to have links to the notorious Syrian Electronic Army (SEA) is mounting a wave of cyber attacks using the BlackWorm remote access trojan (RAT).

FireEye threat researchers Kyle Wilhoit and Thoufique Haq reported uncovering the cyber campaign in a blog post, warning that the group, codenamed The Syrian Malware Team (SMT), is hitting a number of targets with a developed version of the public attack tool.

"The Syrian Electronic Army has made news for its recent attacks on major communications websites, Forbes, and an alleged attack on Centcom. While these attacks garnered public attention, the activities of another group - The Syrian Malware Team - have gone largely unnoticed," read the post.

"The group's activities prompted us to take a closer look. We discovered this group using a .NET-based RAT called BlackWorm to infiltrate their targets."

BlackWorm is a common tool originally co-authored by Naser Al Mutairi from Kuwait, better known by his online moniker "njq8". The RAT's builder is available on many cyber black markets and development forums and has been used to create a variety of different BlackWorm variants and attack tools.

The SMT primarily uses an altered version of the BlackWorm RAT, codenamed the Dark Edition (v2.1). The FireEye researchers said the Dark Edition is more dangerous than the original RAT.

"BlackWorm v2.1 has the same abilities as the original version and additional functionality, including bypassing User Account Control (UAC), disabling host firewalls and spreading over network shares," read the post.

"Unlike its predecessor, it also allows for granular control of the features available within the RAT. These additional controls allow the RAT user to enable and disable features as needed."

It is currently unknown how long the SMT's campaign has been running or who specifically is being targeted, but the FireEye researchers said the group has been operating since at least 2011.

BlackWorm is one of many attack tools to receive technical upgrades over the past year.

Researchers from Trend Micro reported finding a variant of the Bifrose malware, which leverages the Tor network to hide its communications, targeting an unnamed device manufacturer on 29 August.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism, Alastair had worked in numerous industries as both a freelance copywriter and artist.
