Shady RAT not so sophisticated: Symantec

Summary: Symantec has conducted its own investigation into the global hacking operation that McAfee has dubbed Operation Shady RAT, and called into question whether the attacks were really all that sophisticated.

Building on McAfee's report on a global hacking operation nicknamed Shady RAT, Symantec's investigation, written by Hon Lau on the security company's blog, explains how organizations were initially targeted using emails with attachments that contained exploit code. The attachments appeared to be typical, harmless files, being Word, Excel, PowerPoint and PDF documents; however, when opened on unpatched systems, they dropped a trojan while displaying the expected document.

The trojan itself downloaded images and HTML pages from remote sites, which seemed innocent enough but, according to Lau, actually contained hidden or encrypted instructions that allowed it to contact the command and control server and let attackers know it had compromised its target.

While this level of infiltration might seem highly sophisticated, McAfee noted in its report that "this is not a new attack". Lau stated that "while this attack is indeed significant, it is one of many similar attacks taking place daily". In fact, Lau has raised the question of whether the hackers were really all that sophisticated to begin with.

"The attackers not only failed to secure their server properly, they had also installed various web traffic analysis tools on it too," he wrote. "For example, on one of the sites, we were able to see the statistics about computers contacting the command and control server to download command files."

For more on this story, read Shady RAT not so sophisticated: Symantec on ZDNet Australia.

Topics: Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.
