[liberationtech] CPJ blog building on EFF, Citizen Lab -- BlackShades Skype Trojan
frank at journalistsecurity.net
Wed Jun 20 13:51:43 PDT 2012
I am grateful to EFF and Morgan, Eva, and Citizen Lab and Seth Hardy
for allowing us to build on their fine work and help spread the
message. If anyone knows whether any of this information has yet
appeared online in Arabic please let us know. Thank you. FS
[1]http://cpj.org/security/2012/06/skype-trojan-targets-syrian-citizen-journalists-ac.php
Skype Trojan targets Syrian citizen journalists, activists
By [2]Frank Smyth/Senior Adviser for Journalist Security
The Russian manufacturer promises results. The software can be used to
control your own or, say, a customer's computer by making it a remote
software client. Or it could be used for spying on others.
"BlackShades Remote Controller also provides an [3]efficient way of
turning your machine into a surveillance/spy-device or to spy on a
specific system," reads one line of the online product description. The
software [4]sells online for $40 (an additional $12.60 brings premium
support) through the Canadian E-Commerce reseller [5]paypro, and it can
surreptitiously record keystrokes and screen views while giving the
intruder clandestine remote access to the target computer.
The [6]terms of service include several disclaimers. Purchasers must be
"of legal age to use our services and are not a person barred from
receiving services under the laws of Russia or other applicable
jurisdiction." Purchasers must further agree to not use BlackShades to
"harm people in any way," or "upload, post or otherwise make available
any Content that you do not have a right to make available," or
"provide material support or resources...to any organization(s)
designated by the Russian government as a foreign terrorist
organization."
The spyware has been embedded into what looks like just one of many
.pif video files being circulated by Syrian activists on Skype to help
document attacks and human rights abuses by Syrian government and
pro-government forces, according to a report [7]posted yesterday by the
University of Toronto's Citizen Lab. North American-based forensic
experts dissected the Trojan spyware embedded in the video file
circulating on Skype, which ends with the extension "new_new.pif."
The digital workings of the latest Skype Trojan are similar to those of
a prior YouTube video Trojan that also targeted Syrian activists,
according to a [8]report yesterday by the San Francisco-based nonprofit
Electronic Frontier Foundation. The EFF report includes screen shots to
help Syrian activists and other users identify the specific harmful
files.
Yet merely deleting the files or using anti-virus software "does not
guarantee that your computer will be safe or secure," added EFF. The
remote control access that BlackShades provides could allow intruders
to install other spyware on one's computer. What's the safest bet? EFF
suggests re-installing the computer's Operating System and changing all
passwords to any accounts that one has logged into since the infection.
Frank Smyth is CPJ's senior adviser for journalist security. He has
reported on armed conflicts, organized crime, and human rights from
nations including El Salvador, Guatemala, Colombia, Cuba, Rwanda,
Uganda, Eritrea, Ethiopia, Sudan, Jordan, and Iraq. Follow him on
Twitter [9]@JournoSecurity.
Tags:
* [10]Cyberattack,
* [11]Internet,
* [12]Skype
June 20, 2012 3:25 PM ET
Frank Smyth
Executive Director
Global Journalist Security
[13]frank at journalistsecurity.net
T. + 1 202 244 0717
C. + 1 202 352 1736
Twitter: @JournoSecurity
Website: [14]www.journalistsecurity.net
References
1. http://cpj.org/security/2012/06/skype-trojan-targets-syrian-citizen-journalists-ac.php
2. file://localhost/blog/author/frank-smyth
3. http://bshades.eu/bsscmds.php
4. https://secure.payproglobal.com/orderpage.aspx?products=57625
5. http://www.payproglobal.com/aboutus.html
6. http://bshades.eu/legal.php
7. https://citizenlab.org/2012/06/syrian-activists-targeted-with-blackshades-spy-software/
8. https://www.eff.org/deeplinks/2012/06/darkshades-rat-and-syrian-malware
9. https://twitter.com/#!/JournoSecurity
10. file://localhost/tags/cyberattack
11. file://localhost/tags/internet
12. file://localhost/tags/skype
13. mailto:frank at journalistsecurity.net
14. http://www.journalistsecurity.net/
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE