In yesterday’s post, I mentioned that the ChaseNET forums have been shut down. The distribution links for their SharK project, Bifrost and Poison Ivy Rat (Trojan) suites also have been removed. These projects could arguably be described as “Remote Administration Tools”.
Monday, the British legislature published guidelines for the application of a 1990 Computer Misuse Act that makes it illegal to distribute “hacking tools”. A perfect example of tools that this new application might apply to would be the ChaseNET projects. While these RATs could be argued as tools comparable to PCAnywhere or GoToMyPC, they include stealth and information stealing functionality that is designed to evade security solutions for effective system compromise, control and theft of sensitive user data. These sorts of tools certainly fit under the description of “dual-use” tools, and I suppose the British law was developed with the intent to take down this sort of site.
We’ll take a look from a low level technical perspective at some of these RATs’ bad behaviors and provide some details in a later post.