And if even this handholding isn’t enough, more successful ratters sometimes rent out slaves they have already infected. In other cases, they simply hand them off to others in a “Free Girl Slave Giveaway.”
Calling most of these guys “hackers” does a real disservice to hackers everywhere; only minimal technical skill is now required to deploy a RAT and acquire slaves.
via Meet the men who spy on women through their webcams | Ars Technica.
The researchers, in conjunction with their research paper (PDF), released tools for decrypting RAT traffic and proof-of-concept exploits for the bugs they found. They found that the tools include weak, or no, encryption: Bandook, for example, uses obfuscation, not encryption, to protect its traffic between the victim’s machine and the C&C server.
via Popular RATs Found Riddled With Bugs, Weak Crypto – Dark Reading.
“A good understanding of their protocols is critical to network and system administrators deploying tools that can notice the presence of a RAT,” they said.
RAT = Remote Administrative Tool which is a tool used by the bad guys to snoop on a victim. To the victim this is more commonly referred to as a trojan.