<![CDATA[[SecurityRatty] tag: shark3]]> http://securityratty.com/tag/shark3 Sun, 09 Dec 2007 17:44:58 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[The Shark3 Malware is in the Wild]]> http://securityratty.com/article/dc725612535174610928742a0567c2aa http://securityratty.com/article/dc725612535174610928742a0567c2aa Life's too short to live in uncertainty, the stakes are too high. A month ago, I indicated the upcoming release of the third version of the script kiddies favorite Shark Malware. Despite that after the negative publicity of the malware that's actually promotd as a RAT, the authors supposedly abondoned the malware, they seem to have logically resumed its development. And so, the Shark3
malware is continuing its development.

What's new? Anti-debugger capabilities in particural against - VmWare, Norman Sandbox, Sandboxie, VirtualPC, Symantec Sandbox, Virtual Box etc.

Detection rate : Result: 15/31 (48.39%) - Backdoor.Win32.Shark.if
File size: 3104768 bytes
MD5: e3a6758f5c90b39b59c6cd7551224d52
SHA1: 25f025f31560a28275aab006e04aace828e012ea



Some key points regarding Shark :

- its do-it-yourself nature, just like many of the malware tools I've covered before is empowering script kiddies with advanced point'n'click capabilities

- built-in spyware functionaly, namely "aggressive service" which resets the start-up values when they're delted, yet another indication that what's pitched as a RAT is in fact malware

- once released in an open source form, a community emerges around it one that starts innovating and coming up with new features
]]> Thu, 31 Jan 2008 16:10:57 +0000 malware malware tools built-in spyware functionaly script kiddies shark aggressive service negative publicity rat authors supposedly The Shark3 Malware is in the Wild <![CDATA[The Shark Malware - New Version's Coming]]> http://securityratty.com/article/aae2ee8a29293c56cf5a4632cc3a660b http://securityratty.com/article/aae2ee8a29293c56cf5a4632cc3a660b

Remember Shark, the DIY malware pitched as a Remote Administration Tool (RAT), whose publicity among script kiddies, and the press given the easy with which an undetected malware can be build with it, prompted the author behind the project to publicly announce that he's shutting down work on the RAT? However, as it looks like, the project is still under development, and the author's recent announcement of the upcoming version of Shark3 further confirms that the shut down announcement was valid by the time the publicity started to fade away. Here're some screenshots of what's to come in the new version :
Shark3 Window's Info











Shark3 Keylogger







Previous versions included features not so popular among RATs by default such as, built-in VirusTotal submission, process injection, and with the new version promoted to have a built-in rootkit capabilities, next to its Vista compatibility, let's ask the ultimate question - is it a RAT, or is it a malware? That's the rhetorical question.

]]> Sun, 09 Dec 2007 17:44:58 +0000 malware version shark3 window shark3 diy malware rhetorical question shark3 keylogger built-in rootkit capabilities rat The Shark Malware - New Version's Coming