Authored by a Symantec employee

 

On May 19th, 2014 Blackshades made news headlines when the FBI and Europol announced that they had arrested dozens of individuals suspected of cybercriminal activity centered around the malware. Blackshades is a “silent, but deadly” threat, which unfortunately means, if you are infected, you likely won’t know it until it’s too late. Norton products have long been able to detect and block Blackshades from attacking your computer. Read on to learn more about this threat and how to protect yourself and your computers.

What is Blackshades?

It is a popular and powerful piece of malicious software called a remote access tool (often abbreviated to the term RAT) that is used by a wide cross-spectrum of cybercriminals, many with very little technical knowledge, to attack your computers and leverage them for illicit gain. In fact, if you know where to look online, you can find it being sold for as little as USD$40.

What does Blackshades do?

Once installed on your computer, Blackshades provides an attacker with complete control over your machine but in a way that is invisible to you. Unlike other forms of computer viruses or malware that have very obvious side effects, Blackshades is designed to stay hidden as long as possible. This allows an attacker to take their time and use a simple point-and-click interface to:

  • Steal data from your computer (e.g. collect user names and passwords) as you surf the Internet and engage in online shopping and banking.
  • Browse and steal the files on your computer.
  • Take screenshots of what is displayed on your computer.
  • Interact with the video camera on your computer and even record video footage.
  • Access your instant messaging applications and social networks. It typically uses this access to help spread itself. For example, it could post a link to your friend’s social network page using your social network account, thus fooling your friends into clicking on the link.

How does Blackshades get on your system?

There are many different ways an attacker can gain entry to your system. Many of them involve tricking you into clicking on a link included in an email or a post to a social network web page. Other entry points leverage little-known bugs (called vulnerabilities) in the software that you run on your computer – most commonly your web browser and the plug-ins associated with the browser, for example, to play music or watch movies. These bugs become unintended open front doors when you browse the web, allowing attackers to gain access to your system when you simply visit a compromised website (often called a web attack).

How does Norton protect me?

All Norton security products (including Norton Antivirus, Norton Internet Security, Norton 360) incorporate multiple layers of defense against malicious software like Blackshades. Norton started providing protection against the early forms of Blackshades as early as Feb 22nd 2011, using our antivirus technologies. Since then, Blackshades, like most malicious code, has continued to evolve and so have Norton security products. Today these products incorporate multiple additional layers of defense to protect you from Blackshades, including:

  • A sophisticated Intrusion Prevention System (IPS) that protects computers against the growing number of vulnerabilities (up 23 percent in 2013 over the prior year). As mentioned above, vulnerabilities (or software bugs) are a common entry point for malicious software onto your system.
  • A set of sophisticated reputation technologies (branded Insight) which leverage our global intelligence network to gather data about files, websites, and IP addresses to help us quickly differentiate “safe” from “dangerous” on behalf of our users.
  • A set of proactive defense technologies (SONAR) that monitor software behaviors in real time looking for the first signs of malicious activity that traditional antivirus might miss.
  • A SafeWeb browser toolbar that helps ensure that the websites you visit are safe and free from attack.
  • A Facebook webpage scanner to keep an eye on your Facebook page and keep it free of malicious links.

If you are not already a Norton customer, consider taking Norton for a test drive. On install, it will scan your computer to check for the presence of threats like Blackshades and remove them.

On an ongoing basis it will continuously monitor your computer as you surf the web and keep you safe from attacks like Blackshades.

If you have a machine that is already badly infected thus preventing normal product installation, consider using Norton Power Eraser first to clean up your machine before installing Norton.


© 2017 Symantec Corporation. All rights reserved.