Saturday, July 28, 2007
Shark2 - RAT or Malware?
The latest release (26 July 2007) of the Shark2 RAT (Remote Administration Tool) once again demonstrates how thin is in fact the line between RATs and malware. Moreover, the reality on how malware is often pitched as a RAT for educational purposes only, whereas it includes typical malware-like features such as virtual machine detection and anti virus detection, ones not so common for RAT's such as PC Anywhere for instance. So, it's not a RAT but malware. More on Shark2 :
"sharK is an advanced remote administration tool written in VB6. With sharK you will be able to administrate every PC in the world (using Windows OS) remotely. Here are some facts:
* sharK uses RC4 to encrypt the traffic with a random cypher generated every new startup.
* sharK is able to resume downloads and uploads when the server disconnects on the next connect
* sharK is completly Plugin based! So you have a very small server and never need to update it (except on core changes)
* Compressed Transfers
* Thumbnail Previews of Pictures
* Screen Capture with VNC-Technology (Only the parts of the pic that are changed since the last shot will be transfered)
* Keylogger works with Keyboard hooking
* You have a real DOS-Shell instead of dos-output like in the most Remote Administration Tools
* Interactive Process Blacklist
* Virtual-Machine detection"
AntiVir 220.127.116.11 2007.07.28 TR/Sniffer.VB.C.2
CAT-QuickHeal 9.00 2007.07.28 Backdoor.VB.bax
Fortinet 18.104.22.168 2007.07.28 W32/VB.BAX!tr.bdr
Ikarus T22.214.171.124 2007.07.28 Backdoor.Win32.VB.bax
Kaspersky 126.96.36.199 2007.07.28 Backdoor.Win32.VB.bax