Endpoint Protection

  • 1.  SEP 12 - #JeSuisCharlie Malware (Darkcomet RAT)

    Posted Jan 22, 2015 03:44 AM

    Dear Symantec,

    There is a new malware spreading using the viral "Je Suis Charlie" on Social Media Networks.  The malware itself uses the DarkComet remote access kit but envelops it in a .NET wrapper.  According to BlueCoat only 2 out of 53 AV scanners detect the malware (as of January 21):

    http://www.csoonline.com/article/2871018/malware-cybercrime/je-suis-charlie-malware-shows-attackers-agility.html

    My question: does the latest SEP12 definition file 150121009 (January 21, R9) cover the JeSuisCharlie Malware attack?

    Many thanks!



  • 2.  RE: SEP 12 - #JeSuisCharlie Malware (Darkcomet RAT)
    Best Answer

    Posted Jan 22, 2015 06:34 AM

    After further analysis, Symantec is detecting this as Backdoor.Breut. See here:

    https://www.virustotal.com/en/file/fe603db8389564ce2e12d5924e9ce68240b23aebacc72aaacef61820bcc4c96c/analysis/

    http://www.symantec.com/security_response/writeup.jsp?docid=2012-021012-3004-99



  • 3.  RE: SEP 12 - #JeSuisCharlie Malware (Darkcomet RAT)

    Posted Jan 26, 2015 08:23 AM

    Thank you very much, appreciate it!



  • 4.  RE: SEP 12 - #JeSuisCharlie Malware (Darkcomet RAT)

    Posted Jan 26, 2015 08:25 AM

    You're welcome.