[liberationtech] CPJ blog building on EFF, Citizen Lab -- BlackShades Skype Trojan
I am grateful to EFF and Morgan, Eva, and Citizen Lab and Seth Hardy for allowing us to build on their fine work and help spread the message. If anyone knows whether any of this information has yet appeared online in Arabic please let us know. Thank you. FS

[1]http://cpj.org/security/2012/06/skype-trojan-targets-syrian-citizen-journalists-ac.php

Skype Trojan targets Syrian citizen journalists, activists

By [2]Frank Smyth/Senior Adviser for Journalist Security

The Russian manufacturer promises results. The software can be used to control your own or, say, a customer's computer by making it a remote software client. Or it could be used for spying on others. "BlackShades Remote Controller also provides an [3]efficient way of turning your machine into a surveillance/spy-device or to spy on a specific system," reads one line of the online product description.

The software [4]sells online for $40 (an additional $12.60 brings premium support) through the Canadian E-Commerce reseller [5]paypro, and it can surreptitiously record keystrokes and screen views while giving the intruder clandestine remote access to the target computer.

The [6]terms of service include several disclaimers. Purchasers must be "of legal age to use our services and are not a person barred from receiving services under the laws of Russia or other applicable jurisdiction." Purchasers must further agree to not use BlackShades to "harm people in any way," or "upload, post or otherwise make available any Content that you do not have a right to make available," or "provide material support or resources...to any organization(s) designated by the Russian government as a foreign terrorist organization."
The spyware has been embedded into what looks like just one of many .pif video files being circulated by Syrian activists on Skype to help document attacks and human rights abuses by Syrian government and pro-government forces, according to a report [7]posted yesterday by the University of Toronto's Citizen Lab. North American-based forensic experts dissected the Trojan spyware embedded in the video file circulating on Skype, which ends with the extension "new_new.pif."

The digital workings of the latest Skype Trojan are similar to those of a prior YouTube video Trojan that also targeted Syrian activists, according to a [8]report yesterday by the San Francisco-based nonprofit Electronic Frontier Foundation.

The EFF report includes screen shots to help Syrian activists and other users identify the specific harmful files. Yet merely deleting the files or using anti-virus software "does not guarantee that your computer will be safe or secure," added EFF. The remote control access that BlackShades provides could allow intruders to install other spyware on one's computer.

What's the safest bet? EFF suggests re-installing the computer's Operating System and changing all passwords to any accounts that one has logged into since the infection.

Frank Smyth is CPJ's senior adviser for journalist security. He has reported on armed conflicts, organized crime, and human rights from nations including El Salvador, Guatemala, Colombia, Cuba, Rwanda, Uganda, Eritrea, Ethiopia, Sudan, Jordan, and Iraq. Follow him on Twitter [9]@JournoSecurity.

Tags: [10]Cyberattack, [11]Internet, [12]Skype

June 20, 2012 3:25 PM ET

Frank Smyth
Executive Director
Global Journalist Security
[13]frank@journalistsecurity.net
T. + 1 202 244 0717
C. + 1 202 352 1736
Twitter: @JournoSecurity
Website: [14]www.journalistsecurity.net

References

1. http://cpj.org/security/2012/06/skype-trojan-targets-syrian-citizen-journali...
2. file://localhost/blog/author/frank-smyth
3. http://bshades.eu/bsscmds.php
4. https://secure.payproglobal.com/orderpage.aspx?products=57625
5. http://www.payproglobal.com/aboutus.html
6. http://bshades.eu/legal.php
7. https://citizenlab.org/2012/06/syrian-activists-targeted-with-blackshades-sp...
8. https://www.eff.org/deeplinks/2012/06/darkshades-rat-and-syrian-malware
9. https://twitter.com/#!/JournoSecurity
10. file://localhost/tags/cyberattack
11. file://localhost/tags/internet
12. file://localhost/tags/skype
13. mailto:frank@journalistsecurity.net
14. http://www.journalistsecurity.net/
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE