Major cyberspy network uncovered.

**LttCoder** · 29-03-2009

Major cyber spy network uncovered

seems like they used "Ghost RAT" which source can be found at
http://www.opensc.ws/c-c/3462-gh0st-...urce-code.html

so is this RAT really good enough for highlevel infiltration?

**LttCoder** · 29-03-2009

more about ghostnet
http://www.f-secure.com/weblog/archives/00001637.html

**gangster136** · 29-03-2009

WOW. now imagin what spynet can do on all of there PC's

**Berzek** · 29-03-2009

I doubt they used a silly "ghost Rat" , nor "opensource rat"
they code their own malware.

**mjrod5** · 29-03-2009

lol
GhostRAT?
That thing is shit..
It was helpful to me, but not on a scale that big..
Its ok but then again its shit. :S

**Berzek** · 29-03-2009

yes, some articles says "Ghostnet" or "GhostRat" , that is to divert from the public of the true!.

**mjrod5** · 29-03-2009

I wonder if they added encryption to it.. ?
They probably didnt and thats why they got caught ^^

**LinuZ_** · 30-03-2009

Anyone of you considered the chance that there might be multiple RATs with the same names?
GhostNet sounds kinda nice, I doubt there is only 1 RAT using that name...

**LttCoder** · 30-03-2009

Ghostnet is the botnets name. They used those HTTP based bots where the interface is on a homepage where you can login and send commands to the bot.

in addition to that they used Gh0st RAT on the bots individually to spy on it.

according to the Gh0stnet research document:

Control over some targeted
machines is maintained using the Chinese gh0st RAT (Remote Access Tool). These Trojans generally
allow for near-unrestricted access to the infected systems.

One of the commands available to the attacker(s) instructs infected computers to download the
gh0st RAT remote administration tool, which gives the attacker(s) full, real-time control of the infected
computer. Gh0st RAT is an open source Trojan that is widely available online. It was developed by
Chinese programmers but has now been translated into English. The program allows an attacker to
create an executable fle that can be repacked and disguised and used to infect and compromise a target
computer. This fle can be confgured to directly connect to the gh0st RAT owner or to a third location, a
control server, when it retrieves the current IP address of the gh0st RAT owner.

what really attracts my interest in this research is that the chinese hackers used a "NO-IP/DYNDNS"-like service that is located in China.
We all know NO-IP nulls and closes your domain when they find out you run botnet/trojans on it. But the chinese version doesnt. They dont give a damn.
So you can collect bots for years and keep collecting without the fear of losing them one day.
the dns service is http://www.3322.org/ i think.
Imma gonna get some chinese to sign up an account and domain there.
and in exchange for their hostility i might even ddos some Tibetanian site

**SqUeEzEr** · 30-03-2009

Originally Posted by LttCoder

Ghostnet is the botnets name. They used those HTTP based bots where the interface is on a homepage where you can login and send commands to the bot.

Whoa! I am currently busy on a project that uses the same basics:cool: Hmm,, not so bad idea after all then

Thread: Major cyberspy network uncovered.

LinkBack

Thread Tools

Display

Major cyberspy network uncovered.

Thread Information

Users Browsing this Thread

Similar Threads

wireless network scanner

Add Network Share Proplem [NetShareAdd]

Demystifying Network Attacks DoS/DDoS Edition - By xyr9x

Network Shutdown 1.0

Access to other computers over the same network ?

Posting Permissions