In June 2012, the Electronic Frontier Foundation (EFF), along with the Citizen Lab, a division of the Munk School of Global Affairs at the University of Toronto, released information on a new remote access Trojan (RAT) called BlackShades. The malware was discovered in Syria, where it targeted the computers of Syrian activists who were working against the Bashar al-Assad regime.
Once the RAT is downloaded, it installs a keystroke logger on the infected computer. BlackShades can also take remote screenshots of the infected computer, view a victim’s webcam, steal files and install more malware at a later date. The BlackShades RAT arrives in the form of a Skype instant message sent from an infected computer. The IM claims to be an important new video or “.pif” file, which the user downloads.
While most antivirus software can now detect BlackShades, RATs like BlackShades, DarkComet and Xtreme are the first in a salvo of malware that corrupts VoIP (voice over IP) software. Many activists and journalists in oppressive regimes depend on Skype and similar programs because they encrypt VoIP calls, making them almost impossible to intercept and decipher. However, BlackShades has proven that even VoIP is vulnerable.
What’s So Scary About Skype and Real-Time Messaging?
Some governments ban Skype as a national security measure. Because they cannot eavesdrop on Skype calls or IMs, they fear rebel forces could use the program to plot against the national government and to spread propaganda painting the government unfavorably.
The latest country to consider a Skype ban is Saudi Arabia, which has also considered banning other VoIP, real-time messaging and chat programs like WhatsApp and Viber. WhatsApp, for instance, has been used to organize protests against the government in Saudi Arabia. Those protests are completely illegal in the country, and that has brought WhatsApp to the attention of regulators.
Although Microsoft does not provide a list of countries where Skype is banned, Ethiopia, many Middle Eastern countries, many Asian countries and some Mexican ISPs are known to prohibit its use.
Precautions Against BlackShades
To prevent infections from malware like BlackShades, the EFF recommends the following precautions:
- Never run software received through email. Email is a prime conduit for malware and phishing attacks.
- Only download software from Web addresses starting with “https.” This simple precaution means looking at the browser's address bar before downloading software and checking that the Web address starts with “https” instead of just “http.”
- Never install unsolicited software from unknown sources. Even if the software appears as a pop-up ad or looks like a recommendation from a friend, always go to the original source to download it instead of using an unsolicited link.
- Immediately download and install operating system (OS) security updates from the vendor. If you’re using Windows, download patches and other updates directly from Microsoft.
- Make sure to use an OS that is still vendor-supported. For example, Microsoft will stop providing security updates for Windows XP in 2014. Users still running Windows XP after updates stop will be vulnerable to security breaches.
- Keep your OS back-up disk. If you suspect you’ve installed a RAT or other type of malware on your computer, you can update and run your antivirus software to get rid of it. However, keep in mind that while your computer was infected with one type of malware, more malware could have been installed on it simultaneously. Good antivirus software is a necessary first line of defense, but keep your back-up disk just in case.
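As an added example (not from the EFF or the original article), the Python sketch below triages a folder of received files for the lure described above: a file presented as a video that is really a “.pif” program. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumptions: extensions Windows runs directly (".pif" is the one the article
# names) and extensions a lure might show to look like a video or document.
RUNNABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".mp4", ".avi", ".mov", ".wmv", ".jpg", ".pdf", ".doc"}

def triage_file(path):
    """Return a list of reasons the received file looks unsafe to open."""
    reasons = []
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    if ext in RUNNABLE_EXTS:
        reasons.append("runnable extension " + ext)
        # "video.mp4.pif" displays a media name but runs as a program.
        if os.path.splitext(stem)[1] in DECOY_EXTS:
            reasons.append("decoy extension before " + ext)
    # Windows PE executables start with the bytes "MZ" whatever the file is named.
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":
            reasons.append("executable (MZ) header")
    return reasons

def triage_folder(folder):
    """Map each suspicious file name in a received-files folder to its reasons."""
    findings = {}
    for entry in sorted(os.listdir(folder)):
        full = os.path.join(folder, entry)
        reasons = triage_file(full) if os.path.isfile(full) else []
        if reasons:
            findings[entry] = reasons
    return findings

def demo():
    """Build constructed, harmless sample files and triage them."""
    samples = {
        "important_video.mp4.pif": b"MZ" + b"\x00" * 62,  # constructed lure-style name
        "holiday.mp4": b"\x00\x00\x00\x18ftypmp42",        # constructed media header
        "notes.txt": b"meeting at noon\n",                 # constructed text file
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return triage_folder(folder)

if __name__ == "__main__":
    print(demo())
```

A file that is flagged only for its “MZ” header has been renamed to hide what it is and deserves the same caution as one with a runnable extension.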
Activists and journalists in oppressive countries take risks every day for their ideals; however, government surveillance has gone beyond bugging phones and hotel rooms.
About the Author: Jesse Fields is a journalist as well as a tech writer. He’s done multiple stories on oppressive regimes, and has worked personally with reporters who have dealt with such regimes.