Security researchers have found that the developers of ComRAT, a complex remote administration tool, are still hard at work. In an article published on its blog, G Data Software reports that it identified 46 different samples of the spyware and traced its lineage back to 2007. Some believe that the malware, otherwise known as ‘Turla’ and ‘Snake,’ goes back even further and may have originated in 2005, which would make it the oldest cyber-surveillance tool in existence today.

Among their findings, the researchers at G Data observed that ComRAT’s detection rates dropped off in 2011. This decline in activity runs parallel to a significant update that occurred between version 2.14.1 and 3.0 just one year later. Before that major change in the samples, ComRAT had been known as Agent.BTZ, a comparatively ordinary RAT: it acted as a simple library executed on an infected machine. It is now known that earlier versions of Agent.BTZ were responsible for infecting U.S. military networks, including classified computers and those used in combat zones, back in 2008.

Since then, ComRAT has become more sophisticated than its predecessor: it collects more information from its targets, has abandoned its earlier USB-stick infection mechanism, injects itself into every process on the infected machine, and executes its main payload inside “explorer.exe.” This advanced toolset is used alongside the Uroburos rootkit, which is believed to be the malware used to steal Ukrainian crisis data from the Belgian foreign ministry last year and to monitor EU-Finnish communications for four years beginning in 2009. Given their findings, the researchers at G Data Software feel that the developers of ComRAT have far from exhausted their list of targets.
“Taking everything into consideration, G DATA SecurityLabs experts are sure that the group behind Uroburos/Agent.BTZ/ComRAT/Linux tool/… will remain an active player in the malware and APT field,” the researchers concluded. “The newest revelations made and connections drawn let us believe that there is even more to come.”