How can I tell if my computer has been infected by the Blackshades malware ring that the FBI just broke up?
Last week, one of the most aggressive international cybercrime crackdowns was conducted by law enforcement officials in over a dozen countries that snared more than 90 people.
The BlackShades Remote Access Tool or RAT was a $40 piece of software that the FBI estimates infected more than 700,000 computers worldwide, many of them in the U.S.
BlackShades is one of the many malicious tools that target Internet-connected computers that even a novice can use, and once installed, allows a remote user total control of your system.
The high-profile “sextortion” case of Miss Teen USA, Cassidy Wolf, who was a victim of the BlackShades RAT, brought this particular underworld tool to the public’s attention, but there are many more.
Wolf was sent an anonymous extortion e-mail message that threatened to post nude images of her that were captured from her webcam by a remote hacker who turned out to be a former school mate.
Remote Access Tools are actually legitimate programs uses by IT departments to help support users, but BlackShades had various nefarious tools built-in that allowed a remote user to record keystrokes to steal passwords, activate webcams to silently take pictures and video of victims and encrypt data files so that users would have to pay a ransom to regain access to their own files.
BlackShades uses an obfuscation technique that constantly changes its appearance to avoid detection by traditional anti-virus programs, which contributed to its worldwide usage by hackers.
Typically, the attack vector was a cleverly crafted e-mail scam or a cleverly disguised link on social media that convinced victims to allow the program to be installed without their knowledge.
Even though most everyone is well aware of the dangers of opening file attachments in e-mail messages, the crafty social engineering tactics by hackers continue to fool people into a false sense of security.
RATs can make their way into your computer from e-mail scams, drive-by downloads that exploit computers that don’t have the latest updates or as a hidden program in what appears to be a legitimate download.
The possible indicators of an infection by BlackShades or any other RAT, according to the FBI, can vary widely, but some of them include the following:
- Webcam indicator lights that randomly turn on when you aren’t using the webcam;
- Mouse cursors that move erratically by themselves;
- A display that suddenly goes dark by itself while you are using it;
- Text-based chat windows that appear unexpectedly;
- Inaccessible computer files that ask for an encryption key.
If you’re comfortable under the hood, another step is to examine the Windows Registry for an unusual entry that contains a random string of letters and numbers that include the subkey of SrvID.
If your computer is running slow, takes forever to start up or seems really sluggish when you try to begin surfing the web, these are all indications that things are not as they should be.
Slow or unusual performance is not a certain indication of infection, but is always an indication that something is not right, so don’t ignore these symptoms.
Ken Colburn is president of Data Doctors Computer Services and the host of the daily Data Doctors Radio Tech Tips You can follow him on Twitter @TheDataDoc and on Facebook
Related Story:
Follow @WTOP and @WTOPtech on Twitter and and WTOP on Facebook.