Content

Debate: Operation Shady RAT, a cyberespionage offensive chronicled by McAfee, is a botnet.

PRO

Eugene Kaspersky, co-founder and CEO, Kaspersky Lab

Arguments as to terminology have always caused heated debate in the anti-virus industry. Alternative/varied meanings can be attached to any term. There isn't even a single definition of the word “virus.”Yet, analysis of the activities of the malicious programs in Shady RAT allows one to conclude categorically that this, in fact, is a botnet – due to the following: mass distribution of emails containing malicious files; after executing the malicious file contained in an email, the victim's computer gets infected with a trojan horse loader; the trojan interacts with a remote server via the internet, sending it information and receiving from it automatic commands, for example, to download other malicious programs; the number of computers infected by the trojan at any point in time is more than one; and given access to the control center, a hacker is able to execute any command on an infected computer.

Thus, what we have here is a botnet: a network of infected computers interacting with a remote control center.

CON

Rob Lee, digital forensics and incident response lead, SANS Institute

The Shady RAT advanced persistent threat (APT) is a cyber adversary displaying advanced logistical and operational capability for long-term intrusion campaigns. Its goal is to maintain access to victim networks and exfiltrate intellectual property data and information that is advantageous.

 Botnets are a tool designed for an organization to control hundreds to millions of infected hosts with identical commands. The larger the botnet, the more effective it will be. To achieve a larger size, botnets are created through indiscriminate victim targeting, making them decidedly visible.

The APT infrastructure is designed for discrete manipulation that allows the APT to achieve precise goals in each victim it compromises. The Shady RAT report reveals the APT specifically targeted key organizations worldwide. Its objective for each victim is unique.

The danger in simplifying the APT as a botnet is that it leads us to ignore the threat that the adversary is much larger, more organized, and better equipped than we assume.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.