[ISN] Popular RATs Found Riddled With Bugs, Weak Crypto

From: InfoSec News <alerts_at_private>
Date: Fri, 12 Oct 2012 07:39:12 -0500 (CDT)
http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240008942/popular-rats-found-riddled-with-bugs-weak-crypto.html

By Kelly Jackson Higgins
Dark Reading
Oct 11, 2012

RATs have bugs, too: New research shows that remote administration tools 
often used for spying and targeted attacks contain common flaws that 
ultimately could be exploited to help turn the tables on the attackers.

A pair of interns for Matasano Security recently published their 
findings of vulnerabilities they discovered while reverse-engineering 
popular RATs, specifically DarkComet, Bandook, CyberGate, and Xtreme 
RAT. Shawn Denbow of Rensselaer Polytechnic Institute and Jesse Hertz of 
Brown University, both undergraduate computer science students now in 
their senior year, found that the RATs contain flaws common in 
mainstream software, such as SQL injection, arbitrary file reading, and 
weak encryption.

"This shows that it is possible, and that it's not hard, to pick apart 
attacker tools and come up with proactive defenses against them," says 
John Villamil, senior security consultant with Matasano, who served as 
Denbow and Hertz's adviser for the project. "If nothing else, it can 
help forensics companies analyzing traffic from compromises ... and help 
build tools that analyze these Trojans, and provide signatures [to 
detect them]."

Vulnerability research into attacker tools is rare, but not unheard of. 
"It's very rare to see this type of research," Villamil says.

[...]


Received on Fri Oct 12 2012 - 05:39:12 PDT
