FBI Demo of Malicious Code

katebrew over 11 years ago 3 minute read time

Last Friday I got to see a presentation by Tom Ervin, a Cyber Squad Computer Scientist with the FBI in San Antonio hack into computers in a demo at the local InfraGard meeting. It was pretty cool - at one point Tom asked for a volunteer / victim, who was seated before a PC near the front. On the main display, Tom acted as the "hacker." First the hacker sent the victim an email that looked like it was from a family relative, Uncle Bud. This would be fairly easy for the hacker to figure out the victim has an Uncle Bud, given social media methods. So, the victim gets this friendly note that looks like it's from Uncle Bud, inviting him to click on a flash Christmas card. The victim, being a nice guy and not wanting to insult Uncle Bud, clicks on the link. The hacker, using the flash Trojanizer utility, is then emailed lots of info about the victim's computer, including IP address and port number, as a result of the victim clicking on that link.

The hacker then uses SubSeven, a Remote Administration Tool (RAT), to connect with the victim's PC and see all kinds of info on that PC and take control. Subsequently, the hacker opens a Keylogger app and is able to see the victim's keystrokes in real time. That means credentials. Awfully dangerous if the victim is opening an online banking application!

In this demo, the hacker activated the webcam and could even watch the victim. Creepy.

Now, the hacker tools Tom was using are common ones, and up-to-date endpoint security, such as AV, would have stopped these particular hacking tools from working. The tools he was using were "old news" that can be defeated. They're still usable by real hackers, because there are always people who don't keep their endpoint security up-to-date. In addition, there are always newer, more sophisticated tools. Tom, being with the FBI and all, did not want to publicize the newer, nastier hacking tools, which is nice. But they are out there...

Tom's presentation was given at the InfraGard Austin meeting. InfraGard is a collaboration between the FBI and private industry members who are involved in protecting critical infrastructure. Critical infrastructure includes things like water supplies, communications systems and information technology. Important things that would appreciably hurt our lifestyles, if hacked.

Each InfraGard chapter is linked with an FBI Field Office and provided access to experts from the agency to help mitigate threats to the US critical infrastructure. The Austin chapter is linked with the FBI office in San Antonio. InfraGard members are vetted at time of application, and then have the capability to contribute to the security and protection of our infrastructure and key resources

At this InfraGard meeting, aside from two demos, Tom also discussed the trends the FBI is seeing. Social engineering is not new, but it is growing with social media and associated scams. He also discussed Spam scams, including an example of how the stock market was influenced with such a scam. He also discussed how he investigates suspected malicious code in his role at the FBI, including the tools he uses. Another interesting point was around anti-detection and anti-debugging tools and techniques, which attempt to make the malware "hard to find." Tom mentioned that in his role, it's important to be able to attribute malware to its source, so such countermeasures make attribution increasingly difficult.

If all this talk of malware is making you concerned about the security of your own IT security infrastructure, please check out this whitepaper, IT Security Management Checklist - 9 Key Recommendations to Keep your Network Safe.

On a lighter note, you might also check out this short video from MAD Security about the dangers of USB Devices. No cats were harmed in the making of the film