Blackshades: What is it? How does it work? And how can you protect yourself against it?
News has quickly spread of Blackshades and the numerous arrests that have occurred over the last couple of days. Many have called Blackshades a sophisticated malware tool, but in reality, the idea of Blackshades has existed for many years. Back when we used dial-up Internet in 1998, I remember playing with a tool with my friends for fun that was called NetBus. One would install NetBus on one computer, and then use another computer to control the victim’s system. At the time, it allowed you to do things like open a CD-ROM drive, dump the screen of a computer, send a message to the person, force them to exit Windows and control the victim’s mouse.
So, we used to prank each other with tools like this back in the day, but now, these tools have grown in sophistication, and have been picked up by what we refer to in the cyber security community as script kiddies (technically unskilled individuals that use existing programs developed by elite hackers to attack a computer or a network) – and may cause significant damage in terms of privacy invasion.
So what is Blackshades? Well, imagine someone going into your house, setting up hidden cameras and microphones all over your house and being able to control all the locks on all your doors, appliances, cupboards, drawers and utilities your house is connected to. Metaphorically speaking, that is what Blackshades is to your computer system.
Simply speaking, think of Blackshades as a program that has two parts: a client/controller and a server. When the server (a program) is installed on a victim’s machine, then the hacker can essentially take full control of your system by using the client/controller. Many refer to this type of software as a Remote Administration Trojan (RAT) – and the word “Trojan” is derived from the story of the wooden horse used to trick the defenders of Troy by taking hidden warriors into their city in ancient Anatolia. The same applies to Blackshades, where potential victims still have to be tricked into installing the software onto their machines for the hackers to take control over a victim’s system.
So how can Blackshades and other RAT malware spread? It can happen through malicious links on social networks, fake torrent downloads, phishing e-mails and other software exploits. It all usually starts by tricking the victim into believing that they are installing/visiting something good (which we term social engineering in our field). Once the software is properly installed on the victim’s machine, a hacker can then administer/monitor/exploit the victim’s system. In the case of Blackshades, an attacker may use it in the following ways (among others):
As ransomware – where the hacker can hijack a victim’s system – and typically the victim has to pay money to regain access to their system
To control your Facebook posts
To host illegal files and share them with others using your system without the victim’s knowledge
Use your system in a Distributed Denial of Service (DDoS) attack – where the attacker uses your computer and other infected machines collectively to attack a specific server
Keylogger – where the attacker is able to log every single keystroke pressed on your keyboard (thus collecting your passwords and personal information)
Control your webcam
Download and run files on your system
Control your MSN messenger
Screenshot your system
So the question that arises then, is how do you protect yourself against Blackshades and other RAT malware? Below are some ideas for you to consider:
Always remember that the first step is typically being socially engineered, so if you see any suspicious links, e-mails, text messages, chat messages or anything else, simply ignore them!
Use malware protection software that detects malicious links
Keep your anti-virus protection up to date
Keep your operating system up to date
Do not install suspicious software on your computers/phones
Keep all your programs on your system up to date
Dr. Ibrahim (Abe) Baggili is the Director of the University of New Haven’s Cyber Forensics Research and Education Group, and Assistant Professor of Computer Science at the University of New Haven. For more information on the group’s work and for media related queries you can visit http://www.unhcfreg.com.