The Blackshades Remote Access Trojan

Michael Hogue’s Attempt to Infect the Internet

by Andrew Buckmaster

The Remote Access Trojan (or RAT, as it’s sometimes called) is a very powerful and very dangerous type of Trojan virus. RAT mini programs are usually known as Remote Administration Tools, and they can be quite useful for a number of administrative tasks. RAT viruses are a subset of these tools that function in a similar manner. Unlike Remote Administration Tools, however, a RAT serves darker purposes. A RAT essentially spies on the infected computer in a number of ways. It may install various malware programs that could seriously threaten your system. A RAT could steal personal data (such as banking details, PIN numbers, etc.). In the past two years, a specific RAT has differentiated itself as the most threatening of all Remote Access Trojans: the Blackshades NET Remote Access Trojan. The virulence and harmful potential of this spyware are so great that cyber security organizations concentrated their efforts on bringing down this crime network as soon as possible. They just recently made a breakthrough on the matter. The investigation and the arrests are detailed later. For now, let’s return to the Blackshades NET Remote Access Trojan.

The most frightening aspect of a RAT like Blackshades is that it’s capable of creating a Ransom Malware or Ransomware situation at any time. In such a situation, the computer’s system is hijacked. The user may even be locked out of his or her system completely. The user will then have to pay a ransom in order to regain access to his or her files. The personal data which a RAT is capable of extracting from a system can be used for all types of security threats: identity theft, banking security breaches, and loss of authentication details for a number of vital services. The list goes on and on.

The Blackshades Remote Access Trojan Virus and Its Creators

The Blackshades spyware RAT is produced by a company of the same name. The Blackshades company produces new versions of the virus quite often. The Blackshades company claims (most likely to protect themselves from litigation) that they allow users to install their program of their own free will. They state that the program will allow users to spy on the activity of others using their computer. You’re probably asking yourselves why anyone would want to spy on their own computer. Nevertheless, an entire industry exists based on spying on other people through software and security cameras. The Blackshades virus doesn’t limit itself to agreed installs. Instead, it spreads through networks as most malware threats do: through fake links in emails and on social networks, and by being installed under the guise of seemingly different programs. The hackers have many techniques to infect others.

Fortunately, the company’s shoddy legal coverage wasn’t enough to elude the law. After conducting a dozen raids around the world, the FBI discovered the cybercrime network behind the Blackshades attacks. They managed to arrest more than 100 people worldwide. If you recall, the Bureau made previous arrests back in 2012. The arrests included over 20 individuals. Michael Hogue (xVisceral), the malware’s lead coder, was among those arrested. Despite the mass arrests of 2012, the Blackshades RAT continued to infect computers worldwide at an increased rate. But with this new wave of recent arrests in May 2014, authorities hope that they have put the main perpetrators of this cybercrime behind bars. Their hope is that arresting the leaders of the Blackshades NET Remote Access Trojan will cause the virus to lose its presence on the web.

Among the people recently arrested were also 5 American citizens charged with being part of this cybercrime network of hackers. Further trial is needed before assessing guilt. The potential for harm and invasiveness of this RAT is frightening. One of the people accused during this recent wave of arrests, for example, used the program to take pictures of unsuspecting women and girls who were in range of the infected computers’ webcams. The potential this malware possesses for blackmailing with information is huge.

According to the FBI, currently, more than half a million computers are infected worldwide. Hopefully the recent cybercrime takedown will help make our computers safer. But, we can’t dismiss the fact that the many iterations and reiterations of this Trojan could change the face of online security and cybercrime forever. Ever since its source code was leaked on a forum in 2013, getting a grip on all copies of Blackshades has become increasingly difficult. Experts believe that hackers will gradually reorient towards other Trojans from now on. However, no one has commented as to whether this is good or bad. The next batch of Trojans could be even more powerful than Blackshades. Luckily, we’ve included a list of precautionary tips you can use to help keep yourself safe.

Tips on Protecting Your Computer

In addition to rules common to all threats (like never opening websites with untrusted security certificates), you should consider looking into a few good antivirus programs that are capable of dealing with the Blackshades Trojan. Here are a few suggestions:

• Symantec: This program protects users from the Blackshades activity under three detection names (W32.Shadesrat, W32.Shadesrat.B and W32.Shadesrat.C). Even if you’re not a Symantec user, they offer you a free Norton-based tool to remove the malware from your system in case you suspect you have an infection.

• Norton Anti-Virus: This is another option for getting rid of Blackshades. No anti-virus is 100% perfect at protecting against and removing Blackshades. This is about as close to perfection as it gets.

• Spyhunter: This program is not so much an anti-virus as a competent scanner that can detect malware within your system.

If you suspect you have this Trojan virus on your computer, the FBI has a program they recommend you run to detect it. You can check out the scanner here. If the answer is positive, I highly recommend you use one of the above programs to remove it from your computer immediately.

About the Author:

My name is Andrew Buckmaster. I am a site manager for an online business consultation firm. I love to read and write about technology. In the past, I worked for a publishing company where I edited manuscripts. I currently live in Lancaster, PA with my wife and dog. I also run a blog called My site specializes in Blu-Ray/DVD burning, memory backup, and technology in general. When I’m not blogging or working, I enjoy producing electronic music and hanging out with friends.

4 thoughts on “The Blackshades Remote Access Trojan”

  1. Windows defender runs daily. I schedule a “mal-ware bytes” to run 3 or 4 times a week. I know how to load “mal-ware bytes” from boot. Is this insufficient protection?

  2. Andrew Buckmaster

    SpyHunter comes with a free scan, and you do have to pay for the malware removal portion of the program. But, that doesn’t mean it’s a scam. Plenty of high quality, premium, commercial anti virus programs exist on the web. No one is going to run around claiming that Norton or McAfee are scams.

    Instead, I suggested SpyHunter because it’s a high quality program that is certified by West Coast Labs’ checkmark system: SpyHunter’s scan is very comprehensive and the program has an intuitive system for removing rootkits.

  3. Thanks for the heads-up about RATS, there are too many complacent people with their heads buried in the sand thinking it will never happen to them – this is a wake-up call – you have been warned !!

  4. The Blackshades Remote Access Trojan article suggests using SpyHunter software because it is “a competent scanner that can detect malware within your system.” What the article doesn’t say is that you must pay to have the malware removed and that you must sign up for an auto-renewal that will charge your credit card every six months, automatically. This is similar to many scam outfits and I am surprised PC PitStop would recommend this type of company or its products.
