Monday, February 28, 2011

BlackHole for Mac

Hi Folks,
today I am going to write a little bit about the "new" RAT (Remote Access Trojan) called BlackHole, available for Windows and for Mac. In the past few days a lot of newspapers and, more generally speaking, a lot of news portals (pcworld, sophos on security, the register and many others) have focused on the so-called "new entry": the BlackHole RAT.

As the previous picture suggests (it's the main screen of BlackHole), it's nothing really new. It's just another RAT, like NetBus was, or the many versions of BackOrifice, and like many others are and have been. Is it new because it has been made for Mac? Well, I see nothing new in that: the following picture shows just another RAT for Mac available in the underground communities.

(note on that: this is an "undetecter" that uses my AVFucker, but it has RAT capabilities too)

(only a small piece, the author won't be reachable...)

Well, of course these are only a few of the many available. Boys, at the end of the day they are "simple" trojans which in most cases do not exploit any vulnerability but only implement regular operations, as a normal server does. For example, BlackHole for Mac asks you to insert the root password before being installed... :O! Very dangerous :D :D ...

Again, uninformed people who fall into social-engineering traps and open these malicious programs will have a hard life if infected by a RAT, while informed people, or people who do not often fall into social-engineering traps, will have an easier life. I mean, it is always the "same soup" (an old way of saying it is always the same old story): nothing new, nothing old. I just cannot figure out why in the past few days a lot of famous, authoritative online (and offline) magazines, which I respect and read, have focused on this particular topic, describing a new "Mac threat" when, instead, it is not a new Mac threat at all ;).

Please do not misinterpret my words, I definitely love pcworld, sophos on security, the register and all the others :D.

1 comment: said...

Here, I do not actually imagine it will have effect.