Trojan bargain with Windows 8 support

The feature list offers a range of espionage functions. While some anti-virus vendors have problems with Microsoft's newest operating system, the cybercrime community has already jumped on the Windows 8 train. For example, on a Google-hosted site, for €40, a "Remote Administration Tool" called Xtreme RAT, which is already Windows-8-compatible, is available with free updates included.

The list of built-in functions makes it clear that the developers were not offering a tool that provides simple administration of remote computers. The tool includes, among other functions, a keylogger which can store the recorded keystrokes to any FTP server and can capture passwords from all major browsers.

Xtreme RAT can also transmit the screen contents to the "admin" and tap webcams and microphones. The developer advertises that his tool can trick Data Execution Prevention (DEP) and that the latest version works with the so-called Cryptem – these are special programs that change executable files to impede detection by antivirus software. It is hard to imagine that these functions are looked for in a legitimate remote administration tool.

The developer takes payment with Paypal Anti-virus programs are also of the opinion that Xtreme RAT is not quite kosher. On a virtual machine test run by The H's associates at heise Security, the Xtreme RAT server software was immediatly quarantined by Windows Defender. At VirusTotal it was detected by 38 of the 43 virus scanners, but the developer is already prepared: for €100 he is offering a "Fully Undetectable" version (FUD) which is supposedly not detected by virus scanners. Free updates are again included. For €350 you can even buy the source code.

A report by Trend Micro shows that users who's computers were "remotely administrated" with the RAT tool might not always completely agree with it. According to the report, Xtreme RAT was recently used for a cyber attack against the Israeli police which forced all police computers temporarily offline.

(djwm)