
Friday, June 6, 2014

How To Protect Yourself From Creepware

We all know the dangers that malware (malicious software) poses to our online lives. We've all heard the horror stories from friends or coworkers who have had their bank accounts plundered, their identities stolen or their email hacked into. Some of us have no doubt experienced these abuses ourselves. And while all of the above can leave us feeling vulnerable, personally attacked and distressed, there is another online threat that can leave us feeling even more like the victim of a targeted attack. Welcome to the not so wonderful world of creepware.

What is creepware and what does it do?

But what exactly is creepware and what can it do? In this article we are going to take an in-depth look at the causes and symptoms of creepware and the impact it can have on its victims. We'll also take a look at what the users (or should that be abusers?) of creepware are hoping to achieve. And of course, no post would be complete without taking a look at how creepware is spread – and what you can do to protect yourself from this very nasty strain of software.

A heat map showing potential creepware victims around the world.
Creepware is a term which is used to describe something called a Remote Access Trojan (RAT), although you may also come across the terms Remote Administration Trojan, Remote Administration Tool or Remote Access Tool. Put simply these are programs that have been installed on your computer without your knowledge, which enable an unscrupulous third party to gain access to, and control of, your PC remotely.

There is, however, a difference between remote access tools and remote access Trojans: Trojans are always used for malicious purposes. Remote access tools can be used completely legitimately, for example by a trusted remote IT support technician. They also enable you to connect to a computer in your home or workplace when you're on the go. The bad news, though, is that the very features that make remote access tools so useful can also be applied to far more nefarious activities.

So why the name creepware? For one, it's a lot less of a mouthful than Remote Access Trojan, and RAT could just be confusing. It is also particularly apt when you realize just what a user of creepware can do once they've hijacked your machine. The presence of a Trojan means that your attacker is able to gain virtually complete control of any aspect of your computer – they'll be able to do pretty much everything that you can, just as if they were sitting at your desk at home or work. Not only that, but it's almost impossible to know if you have a Trojan on your device. It is this unsavory and, yes, downright creepy behavior that has led to the moniker creepware.

Once control has been established your attacker may do one or more of the following things:
  • Spy on you via your computer's webcam and capture images of you – i.e. voyeurism
  • Steal your personal data and/or files
  • Monitor your online activity, log your keystrokes and steal your passwords so they can hijack your user accounts
  • Listen to, and in some cases record, your conversations through your PC's microphone
  • Copy or delete files such as pictures and videos
  • Use stolen pictures or videos or webcam recordings to either blackmail you and extort money or persuade you to perform sexual acts on camera. If the photos or videos are of a graphic nature this is known as sextortion
  • Trolling and cyber bullying
  • Make your computer open x-rated adult or otherwise extreme websites, display abusive messages, or damage your system - all just for their own sick amusement
Who would use creepware?

Not surprisingly, the users of creepware tend to rank pretty lowly on the morality scale of things. Some use it to make money through blackmail, extortion or fraud, whilst others may see their use of the malware as 'just a bit of fun'. Clearly, if you're a victim of creepware you are unlikely to see the funny side, which pushes it firmly into 'trolling territory'. Whether it is used as a 'joke' or a 'prank' or to extract money from a victim, using creepware involves accessing someone else's computer without authorization – morally wrong, but also a serious crime.

Users of creepware, of which there are a shockingly high number, explain their reasons for using it in discussions on online web forums. Comments in threads range widely and make for some disturbing reading, with users variously stating:
  • I use it to target people I hate to upset them – I like it when it makes them cry
  • I haven't used it for anything bad – but I do convince girls to undress for me
  • I steal people's passwords and access their bank or social media accounts
  • I think it's fine – the people I watch don't know I'm watching them
In fact there are a huge number of creeps out there who claim on these forums that it's entirely the victims' own fault for downloading and installing programs from unverified or untrusted sources in the first place!

From this it's probably fairly safe to conclude that the users of creepware are either pretty blasé and do not care about the damage or distress that they can cause, or they simply don't realize that what they see as harmless fun can leave their victims traumatized or even, in the worst cases, driven to self harm or suicide.

On top of this, a lot of victims don't report this sort of criminal activity, so the perpetrators are rarely caught and as a consequence escape justice. There are a number of reasons why victims don't report attacks: possibly they don't think they'll be believed or taken seriously. In many cases it's because they are being blackmailed by an attacker who has threatened to post stolen or recorded videos or photos online, and they are worried about damage to their reputation or the personal fallout and the impact it could have on relationships or a career.

One creepware attack that did get reported – and hit the headlines – was the case of Cassidy Wolf, a 19-year-old high school student and Miss Teen USA. Back in August 2013 a fellow student hacked into Cassidy's device and watched her getting undressed at home in the privacy of her bedroom. The attacker captured photos and then threatened to publish them online if Cassidy didn't comply with their demands to take explicit photos of herself. Bravely, rather than giving in to the attacker and becoming a victim in the true sense of the word, Cassidy went straight to the police, who eventually managed to track down the culprit, who subsequently pleaded guilty to harassing at least two dozen more women. Watch an interview with Cassidy here.

And in further bad news, because creepware has been designed to be extremely user friendly and boasts a logical GUI (graphical user interface), it can be utilized not only by expert hackers but by newcomers to the game too. No longer is malware the domain of the hardcore hacker or hijacker; now pretty much anyone with a desire to act maliciously online can master these programs.

How does creepware work?

Creepware utilizes a client-server model. This is a software architecture made up of a system of clients and servers. In a regular client-server relationship your computer (the client) sends the server a request. The server then processes the request and sends the relevant information back to the client. Creepware turns this on its head by turning your computer into the server, whilst the PC belonging to the attacker assumes the role of client. This then enables the attacker to send commands to your machine, allowing them to take control of your operating system, retrieve files or perform other actions unwanted by you.
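One practical consequence of the role reversal just described is that the infected machine is the one accepting connections, so a listening socket owned by a process nobody expects to be a server is worth investigating. The following is an added example, not code from the original post: it parses constructed netstat-style output, keeps only sockets that accept inbound connections, and reports those not on a (hypothetical) allowlist of expected listeners.

```python
"""Flag unexpected listening sockets in netstat-style output (added example)."""
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto local_addr port pid")

# Constructed sample in the layout of Windows `netstat -ano` (not a real capture).
SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address        State           PID
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
TCP    0.0.0.0:3460           0.0.0.0:0              LISTENING       5128
TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     2040
UDP    0.0.0.0:5355           *:*                                    1188
"""

# Constructed PID -> image name map, as `tasklist` would report it (hypothetical).
SAMPLE_PROCESSES = {912: "svchost.exe", 4: "System", 5128: "winupdate.exe",
                    2040: "firefox.exe", 1188: "svchost.exe"}

# Hypothetical allowlist: (protocol, port) pairs this machine is expected to serve.
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 445), ("UDP", 5355)}

# proto, local addr, port, foreign addr, optional state (UDP has none), pid
LINE_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")


def parse_listeners(netstat_output):
    """Return Listener records for sockets that accept inbound connections."""
    found = []
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header line or something we do not recognise
        proto, local, port, _foreign, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/outbound sockets are not acting as a server
        found.append(Listener(proto, local, int(port), int(pid)))
    return found


def unexpected_listeners(netstat_output, processes, expected):
    """Pair each listener outside the allowlist with its owning process name."""
    return [(lst, processes.get(lst.pid, "<unknown>"))
            for lst in parse_listeners(netstat_output)
            if (lst.proto, lst.port) not in expected]
```

On the constructed sample this flags the process on TCP port 3460 and nothing else. Note that many RATs instead connect outward from the victim to the attacker, so an unexpected listener is only one of several signs to check, not a complete test.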

What can creepware do?

So let's take a look at what exactly creepware does. In actual fact there are a huge number of creepware programs out there, although most of them share the same features, methods and unscrupulous ambitions.

Just some of the names to look out for include:
  • Blackshades (W32.Shadesrat)
  • DarkComet (Backdoor.Krademok)
  • Poison Ivy (Backdoor.Darkmoon)
  • jRAT (Backdoor.Jeetrat)
  • Pandora RAT (Trojan.Pandorat)
The Blackshades user forum.
We'll take a closer look at one of these programs; Pandora RAT. If your computer is unfortunate enough to be infected by the Pandora RAT creepware, your attacker will be able to access all of the following items on your PC:
  • Your files
  • Your services
  • Your processes
  • Your clipboard
  • Your registry
  • Your connected printers
  • Any network connections that are currently active
And so that means that the user of Pandora RAT will also be able to:
  • Cause your system to fail thus displaying the dreaded 'blue screen of death'
  • Display messages on your screen
  • Play you audio messages by using the text-to-speech function
  • Take remote control of your computer's desktop
  • Take screenshots
  • Hide your taskbar and desktop icons
  • Restart your computer at their own will
  • Open websites and pages
  • Record footage via your webcam
  • Record any VoIP conversations you are having or other audio
  • Log your keystrokes to steal your login information and passwords
  • Download your personal files
Your computer may also be used to initiate Distributed Denial of Service (DDoS) attacks and even to mine bitcoins. Basically, any action which benefits the attacker – you name it, somebody somewhere can probably do it with creepware. And if they can't now, they probably will be able to in the not too distant future! Put quite simply, your resources could be used to an extremely dubious third party's advantage.

How does creepware get installed on my computer?

Creepware is installed on your device in the same way that all malware programs are; all you need to do is click on a link in a dodgy email, chat room, or on a social media platform. Creepware can also be installed by drive-by downloads associated with the latest must have program, game or popular TV series, or through peer-to-peer file-sharing and torrents.

Creepware is big business!

So not only are criminally minded creepware users using the software to extort, or sextort, money from their victims, but the sale of Remote Access Trojan software itself can, and does, bring in the big bucks. It is possible to buy the software either directly from the website of a developer or from individuals who place adverts on forums devoted to hacking and other shady online practices.

Further income is generated by self-styled, so-called creepware experts who charge people who want to set up creepware but don't want to be bothered with any of the work. Naturally the price depends on the service provided, and whilst certain creepware can be obtained for free, other, more advanced programs can cost anything up to $250. Added extras – let's say a FUD crypter (more on that in a moment!) – and the additional cost of setting it up may come to anywhere from $20 to $50. And make no mistake: there are plenty of 'helpful' trolls in the aforementioned forums who are only too eager to pass on insider tips, tricks, advice and instructions to the new kids on the creepware block.

So, more about that FUD crypter. Yes, everything from this to a JDB generator and even a slave can easily be found and purchased through these websites. Don't know your FUD from your JDB and certainly have no intention of purchasing a slave? We can't say we blame you – here's a brief rundown of what these actually are:
  • FUD means something is Fully UnDetectable: the file is not flagged by security software
  • A crypter is a tool which is employed to scramble the bytes in a file, thereby making it a lot harder to detect
  • JDB stands for Java Drive By. When someone visits a website that has a certain Java applet embedded in it, they see a pop-up asking for their permission to run something. The visitor gives the go-ahead – and creepware is promptly downloaded onto their machine
  • A slave is the name given to a computer that has been infected with creepware
Okay, enough already! How do I protect myself from creepware?

To protect yourself against creepware there are a number of recommended steps that you really should seriously think about:
  • Make sure your antivirus is up to date and run it on a regular basis – manually too
  • Also ensure your operating system and any software installed on your computer is the latest version. You can use Automatic Updates in Windows, as this will automatically download and install Microsoft security updates
  • Don't download files or programs from dubious or third party websites
  • Be careful and don't get sucked into opening tempting looking links on social media networks, in emails or in instant messenger chat windows
  • We shouldn't have to say it, but please don't open emails if you don't know the sender and, whatever you do, don't click on links in emails that you don't trust
  • Change your passwords every 30-90 days. How to create a strong password.
Another crucial thing to look out for is if your webcam suddenly activates itself. If you're not using it, we recommend covering it with a small piece of tape, or keeping the shutter closed, if it has one.

In conclusion

We all need our computers and devices, which play an important part in both our social and working lives. What we don't need is the threat and the distress that creepware – or Remote Access Trojans – can cause us. Play safe and exercise caution when you're online: whilst it is certainly true that creepware is capable of inflicting potentially huge, life-changing amounts of damage, by taking certain protective steps – some as easy as sticking a piece of tape over your webcam – you can stay safe. Most of all, keep your security software up to date and prevent yourself from falling victim to online blackmailers, hackers, creeps and trolls.

Written by Michael Kaur,