Shady RAT not so sophisticated: Symantec

Summary: Symantec has conducted its own investigation into the global hacking operation that McAfee has dubbed Operation Shady RAT, and called into question whether the attacks were really all that sophisticated.

Building on top of McAfee's report on a global hacking operation nicknamed Shady RAT, Symantec's investigation, written by Hon Lau on the security company's blog, explains how organizations were initially targeted: emails carrying attachments that contained exploit code. The attachments seemed typically harmless, being Word, Excel, PowerPoint and PDF documents; however, when opened on unpatched systems, they dropped a trojan while displaying the expected document.

The trojan itself downloaded images and HTML pages from remote sites, which seemed innocent enough but, according to Lau, actually contained hidden or encrypted instructions that allowed it to contact the command and control server and let the attackers know it had compromised its target.
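The beaconing method described above, commands tucked inside otherwise normal-looking images and HTML pages, can be checked for on the defender's side without knowing the exact encoding. The script below is an added example, not code from the article, Symantec or McAfee; it assumes one common hiding method (bytes appended after the image's end marker, and long encoded blobs inside HTML comments), which the article does not confirm was the method used here. All sample files are constructed inside the script so it runs offline.

```python
"""Flag two cheap indicators of data hidden in files a beacon might fetch.

Added, constructed example: it models one common hiding method (payload after
a PNG's IEND chunk, encoded blobs in HTML comments), not the specific method
Symantec observed in Shady RAT.
"""
import base64
import math
import re
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)
ENCODED_RE = re.compile(r"[A-Za-z0-9+/=]{40,}")   # base64-alphabet run of 40+ chars


def shannon_entropy(s: str) -> float:
    """Bits per character; repeated filler scores 0, encoded data scores about 5."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def png_trailing_data(data: bytes) -> bytes:
    """Return the bytes that follow the PNG IEND chunk; a clean PNG yields b''."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length          # 4 length + 4 type + payload + 4 CRC
        if ctype == b"IEND":
            return data[end:]            # image viewers ignore anything here
        pos = end
    raise ValueError("truncated PNG: no IEND chunk")


def suspicious_html_comments(html: str, min_entropy: float = 3.5) -> list:
    """Return encoded-looking tokens found inside HTML comments.

    Browsers never render comments, so a long high-entropy run there is a
    classic place to stash an encrypted command blob.  The entropy test keeps
    decorative separators such as <!-- ===== --> from being flagged.
    """
    hits = []
    for m in COMMENT_RE.finditer(html):
        for token in ENCODED_RE.findall(m.group(1)):
            if shannon_entropy(token) >= min_entropy:
                hits.append(token)
    return hits


def make_png() -> bytes:
    """Build a valid 1x1 RGB PNG so the example needs no file on disk (constructed)."""
    def chunk(ctype: bytes, payload: bytes) -> bytes:
        crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
        return len(payload).to_bytes(4, "big") + ctype + payload + crc.to_bytes(4, "big")
    ihdr = (1).to_bytes(4, "big") + (1).to_bytes(4, "big") + bytes([8, 2, 0, 0, 0])
    idat = zlib.compress(b"\x00\xff\x00\x00")   # filter byte + one red pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


# Constructed samples: a clean PNG, the same PNG with bytes appended after IEND,
# an HTML page with a decorative comment, and one whose comment carries an encoded blob.
CLEAN_PNG = make_png()
HIDDEN_BLOB = base64.b64encode(bytes(range(48))).decode()   # stand-in for a command blob
STUFFED_PNG = CLEAN_PNG + HIDDEN_BLOB.encode()
BENIGN_HTML = "<html><!-- " + "=" * 50 + " --><body>hello</body></html>"
STUFFED_HTML = "<html><!-- " + HIDDEN_BLOB + " --><body>hello</body></html>"

if __name__ == "__main__":
    print("clean png trailing bytes:", len(png_trailing_data(CLEAN_PNG)))
    print("stuffed png trailing bytes:", len(png_trailing_data(STUFFED_PNG)))
    print("benign html hits:", suspicious_html_comments(BENIGN_HTML))
    print("stuffed html hits:", suspicious_html_comments(STUFFED_HTML))
```

Both checks are heuristics: a PNG with trailing bytes or a comment full of base64 is a reason to pull the file into analysis, not proof of compromise, and a proxy or sandbox that already stores fetched content can run them over everything a suspect host downloaded.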

While this level of infiltration might seem highly sophisticated, McAfee noted in its report that "this is not a new attack". Lau stated that "while this attack is indeed significant, it is one of many similar attacks taking place daily". In fact, Lau has raised the question of whether the hackers were really all that sophisticated to begin with.

"The attackers not only failed to secure their server properly, they had also installed various web traffic analysis tools on it too," he wrote. "For example, on one of the sites, we were able to see the statistics about computers contacting the command and control server to download command files."

For more on this story, read Shady RAT not so sophisticated: Symantec on ZDNet Australia.

Topic: Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Talkback

9 comments
  • RE: Shady RAT not so sophisticated: Symantec

    Typical McAfee scare tactics. Wonder how many of us, including myself, got emails from McAfee offering good deals on their security system. I regard this as spam.
    ITOdeed
    • RE: Shady RAT not so sophisticated: Symantec

      @ITOdeed Is there anyone on ZDNet who doesn't believe a subset of companies (Microsoft, Apple, HP, McAfee, Symantec, Adobe, Nokia, RIM, Sony, and/or Google) are out to get them and literally sit down and plan to intentionally introduce bugs into their products, spy on them, steal their information, steal their money, invent false products or false claims against their competitors, and conduct elaborate frauds worthy of a Bernie Madoff/Steven Spielberg co-production?

      ITO - how is it a "scare tactic"? Symantec is confirming operation Shady RAT is REAL. It HAPPENED. The server McAfee talked about is REAL. All they're saying is that they don't think this was that hard to do. That's EVEN SCARIER.
      If you want a conspiracy theory at all, it should be to say that Symantec is showing sour grapes because they didn't take credit for uncovering this systemic IP theft first.
      jgm@...
    • RE: Shady RAT not so sophisticated: Symantec

      @ITOdeed
      Then get off their mailing lists; they'll honor the request if you simply use the link to their URLs.
      tom@...
  • RE: Shady RAT not so sophisticated: Symantec

    I find McAfee quite user unfriendly and hard to understand what it's doing though it's been three years since I last tested them.
    Symantec/Norton however are right on top of the situation and to date I've never had anything noted elsewhere to not be on Norton unless it was a one-up. Even hoaxes are listed. Their heuristics are also great, I've found, and though I've only had two heuristic hits, both were spot-on.
    My only complaint about Symantec/Norton is they're getting too expensive, especially their subscriptions. I would have already switched, but so far no one gives me the turn-key effective reliability that Norton does.
    tom@...
  • RE: Shady RAT not so sophisticated: Symantec

    - Get some free AVG
    - Keep your computer up to date with Auto-Updates
    - Live behind a firewall
    - Don't be a dumbass with offers 'too good to be true', they are.
    - Back your PC up
    - Set your AV to do a daily sweep

    You will have little real chance of a virus/malware etc infestation on your kit.

    The number of friends with expired trial AV, and Windows updates off and a laptop with leprosy is hugely frustrating, esp. when they rock up and expect me to fix it, though it saves on beer costs :-)
    neilpost