Cybercriminals are creepy, and they can be even creepier during the holiday season. Symantec Security Response has published a blog and video discussing how today’s “peeping Tom” uses technology to snoop around your personal space, including:
- Spying on you through your computer’s webcam and capturing images
- Tracking your online activity and accessing your password-protected sites
- Listening to your conversations through your computer’s microphone
These cyber creeps are able to perform these tasks with tools that are easily available online. Remote Access Trojans (RATs), which Symantec refers to as creepware, are malware that installs on a PC without the victim’s knowledge and allows an attacker to remotely take full control of the system.
What is Creepware?
Depending on who you ask, the acronym RAT can be an abbreviation for any of the following:
- Remote Access/Administration Tool
- Remote Access/Administration Trojan
Remote Access Tools are legitimate tools that can be used for technical support. I like using them for connecting to my home PC when I’m away. However, malware creators have developed applications, called remote access Trojans (creepware), which use these same tools for malicious purposes.
According to Symantec, creepware uses a client-server model – a software architecture model that consists of client and server systems. In a normal client-server relationship, the client (your PC) makes service requests to the server. The server processes these requests and returns the requested information to the client. Creepware, however, reverses this process: your infected PC becomes the server and the attacker’s computer becomes the client. The attacker then sends malicious commands to your PC to take control of your system.
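Because the model described above turns the infected PC into a server, one defensive check is to look for listening ports the machine is not expected to offer. The following is an added example, not code from Symantec or from the original post: it parses Windows `netstat -ano` output and reports listeners that are reachable from the network and not on an allowlist. The sample output, the allowlist and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       6120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2216
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3344
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:50123             [::]:0                 LISTENING       6120
"""

# Hypothetical allowlist: ports this particular PC is expected to serve.
EXPECTED_PORTS = {135, 445}


def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:445' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def unexpected_listeners(netstat_text, expected_ports):
    """Return sorted (port, pid) pairs for reachable, non-allowlisted listeners."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or a connection that is not a listener
        address, port = split_endpoint(fields[1])
        if address.is_loopback:
            continue  # only reachable from the PC itself
        if port not in expected_ports:
            findings.add((port, int(fields[4])))
    return sorted(findings)


if __name__ == "__main__":
    for port, pid in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED_PORTS):
        print(f"unexpected listener on TCP {port}, owned by PID {pid}")
```

A reported PID can be matched to a process name in Task Manager; an unfamiliar listener is a reason to run a full antivirus scan, not proof of infection.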
Creepware can be installed on your PC when you click on links sent by email or posted in chat rooms and on social networks, through drive-by downloads, or through peer-to-peer file-sharing/torrents. Creepware users range from cybercriminals who use creepware for fraud and extortion to others who use it for pranking people online. Whichever the case, both scenarios are serious crimes as they require unauthorized access to PCs.
Known Creepware Attacks
According to Symantec, there have been countless cases where victims have been exploited by creepware. One way cybercriminals use creepware to monetize their activities is through sextortion. Sextortion involves non-physical forms of bullying to force sexual favors from the victim.
Cassidy Wolf, 19-year-old Miss Teen USA, became a victim of creepware. In August 2013, Cassidy’s fellow high-school student hacked into her device and captured pictures of her undressing in her bedroom. The hacker blackmailed Cassidy by threatening to publish the pictures online if she didn’t take explicit photos. Rather than giving in to the hacker’s demands, Cassidy reported the incident to the police and the hacker was eventually caught. The hacker pleaded guilty and admitted to having hacked at least two dozen women.
Unlike Cassidy, many victims don’t report creepware attacks for fear that cybercriminals will post stolen or recorded content online. Symantec’s alarming findings emphasize the dangers of this crime and the long-lasting effects that this type of harassment and cyberbullying has on victims, which can even lead to suicide.
Symantec’s creepware article lists several creepware programs, such as Blackshades (W32.Shadesrat), DarkComet (Backdoor.Breut), Poison Ivy (Backdoor.Darkmoon), and jRAT (Backdoor.Jeetrat).
One particular program, Pandora RAT (detected by Symantec as Trojan.Padorat), allows an attacker to access the following items:
- Network Connections
Once the attacker has control of the compromised system, Pandora RAT enables the attacker to:
- Remotely control the compromised PC
- Take screenshots
- Record webcam and audio
- Log keystrokes
- Steal passwords
- Access Web pages
- Display onscreen messages
- Hide taskbar and desktop icons
- Cause system failure
Stay Protected from Creepware
To stay protected, Symantec recommends the following:
- Install the latest system updates -- Ensure you have the latest updates installed on your computer. System updates help protect your computer from malware. Use Automatic Updates in Windows to automatically download and install Microsoft security updates for your computer.
- Use an antivirus software application -- Once you install antivirus software on your PC, you must update the application with the latest signature files. Configure your antivirus software to routinely check for updates and schedule your application to scan your machine on a regular basis.
- Open email attachments with care -- Use extreme caution when handling emails and attachments you receive from unknown sources.
- Beware of Links -- Exercise caution when clicking on links sent via email, instant messages, or links from social networks.
- Downloading Files -- Download files from trusted sources only.
- Be aware of unexpected webcam activity -- Keep the webcam shutter closed when you’re not using your webcam.
By following these steps, you significantly decrease your chances of becoming infected with creepware. For more information on how you can protect yourself from creepware, visit www.symantec.com/security_response.