
Symantec: New Spam Campaign with JRAT


Campaigns with Java remote access Trojans (RATs) are no longer rare. Their prevalence has increased in recent years, and they continue to target both businesses and individuals. The popularity of these campaigns is no surprise: if an attacker infects a victim's computer with a RAT, they can gain full control of that computer. In addition, these threats are not limited to a single operating system but affect any computer that runs Java. Attackers have easy access to Java RATs thanks to the fact that the source code circulates freely on the .

Symantec noticed a new spam campaign, launched on February 13, 2014, that distributes a Java RAT known as JRAT. The sender of the spam e-mail claims to have attached a payment certificate to the message and asks the user to confirm that they have received it.

The email actually contains a malicious attachment, Paymentcert.jar, which is detected as Trojan.Maljava. If the Trojan is executed, it runs JRAT, detected as Backdoor.Jeetrat. The RAT affects not only Windows PCs but also Linux, Mac OS X, FreeBSD, OpenBSD, and Solaris computers. This RAT is not new, as we have seen it in previous targeted attacks. The JRAT builder, shown in the image below, shows how easy it is for an attacker to create their own custom RAT.

[Image: the JRAT builder]

Symantec telemetry shows that the campaign has primarily affected the United Arab Emirates and the .


This campaign seems to target specific people. Some aspects of the attack seem to confirm its targeted nature, such as the small number of victims, a single messenger, a single command-and-control (C&C) server, and the fact that the majority of these spam messages were sent to personal email addresses.


Symantec recommends being very careful when receiving unsolicited, unexpected, or suspicious emails. If you are not sure about the legitimacy of an email, do not open it; if you do open it, do not do what it asks, such as clicking on links or opening attachments.
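A mail-filtering check for the delivery method described above, added here as an example that is not part of the original article or Symantec's tooling: it flags attachments that are runnable Java archives by content as well as by file name. The sample message, its addresses, and the file names other than Paymentcert.jar are constructed, and the attached archives contain only a manifest.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def make_jar(main_class: str) -> bytes:
    """Constructed, benign archive: a manifest only, no classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     f"Manifest-Version: 1.0\r\nMain-Class: {main_class}\r\n\r\n")
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed e-mail with three attachments (only Paymentcert.jar is a name from the article)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Payment certificate"
    msg.set_content("Please confirm that you have received the certificate.")
    for name in ("Paymentcert.jar", "receipt.pdf"):  # second one is a JAR behind a .pdf name
        msg.add_attachment(make_jar("Example"), maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment("plain text notes", filename="notes.txt")
    return msg.as_bytes()


def is_runnable_jar(data: bytes) -> bool:
    """True if data is a ZIP archive whose manifest declares a Main-Class."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return False
    return any(l.lower().startswith("main-class:") for l in manifest.splitlines())


def flag_java_attachments(raw: bytes) -> list[str]:
    """Return names of attachments to quarantine: .jar by name or runnable JAR by content."""
    flagged = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(".jar") or is_runnable_jar(payload):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print(flag_java_attachments(build_sample_message()))
```

Checking the content as well as the extension matters because a renamed archive can still be executed with `java -jar` once saved.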


Written by giorgos
