22 Jun 2012
Hackers siding with the Syrian government appear to be resorting to a new cyber weapon to monitor the activities on Syrian activists’computers, and even possibly infect target machines with malware, according to an EFF report.
In this case, attackers resort to Blackshade Remote Controller, a legitimate remote control tool put to illegal use. A legal disclaimer on the manufacturer's site settles any doubts as to intended purpose: “according to the Spy Act passed in October 5th 2004 by US houses, installation of advertising or data gathering spyware without authorization or the computer owner's consent is prohibited, but it is still legal to install any program you want to your own computer."
The Syrian attackers distribute the tool via Skype, as a “.pif” file, under the pretext that the recipient must see “an important new video”. It appears the source of the infection is a compromised Skype account of a Free Syrian Army officer.
Early into 2012, an IT specialist connected to the Syrian opposition confirmed to CNN’s Ben Brumfield that the Syrian regime supporters engaged in a genuine cyberwar with viruses being thrown into the battle against the dissenters.
“Supporters of dictator Bashar al-Assad first steal the identities of opposition activists, then impersonate them in online chats," stated software engineer Dlshad Othman for CNN. “They gain the trust of other users, pass out Trojan horse viruses and encourage people to open them."