FBI Warns Check Your Windows PC for a RAT

The latest warning from the FBI bears a strange resemblance to a trailer for a poltergeist experience. Does your mouse cursor move erratically with no input from you? Does your web camera light unexpectedly turn on? Does your monitor turn off -- for no apparent reason?

In reality, the warning is about Blackshades, remote access tool malware that affects Microsoft Windows-based operating systems.

According to the FBI, the malicious remote administration tool (RAT) has been used to steal passwords and banking credentials, hack into social media accounts and access documents, photos and other computer files. The program can also record all keystrokes, activate webcams to spy on victims, “hold a computer for ransom” and use the computer in distributed denial of service (DDoS) attacks.

The malware gained notoriety in a "sextortion" case involving a teen beauty queen last summer.

International Malware Takedown

The FBI announced yesterday that law enforcement officials in more than a dozen countries made more than 90 arrests in cases involving the "particularly insidious computer malware" called Blackshades.

In what the FBI said was the largest global cyber operation to date, raids were carried out in 18 countries at the homes of people suspected of buying the malware, which was available for $40 a download. The targets for law enforcement included the creators and administrators of Blackshades.

The software was sold and distributed to thousands of people in more than 100 countries and has been used to infect more than half a million computers worldwide.

The software made headlines last year when Miss Teen USA Cassidy Wolf became the victim of a cyber “sextortion” case. Wolf, then 19, told reporters last August she had received an anonymous email in which the sender claimed to have nude photos of her, captured from her webcam, and threatened to put them online unless Wolf provided more nude pictures or videos.

Jared James Abrahams, 20, pled guilty in November and was sentenced to 18 months in prison in the Wolf case.

There has since been an ongoing investigation into the malware, which was described in detail in the indictment and criminal complaints unsealed yesterday in Manhattan federal court:

“After installing the RAT on a victim’s computer, a user of the RAT had free rein to, among other things, access and view documents, photographs and other files on the victim’s computer, record all of the keystrokes entered on the victim’s keyboard, steal the passwords to the victim’s online accounts, and even activate the victim’s web camera to spy on the victim – all of which could be done without the victim’s knowledge.”

Check Your Computer

So how do you know if your computer is infected? Here’s a list of possible indicators your computer may be infected with Blackshades or similar remote access tool malware, according to the FBI:

  • Mouse cursor moves erratically with no input from user
  • Web camera light unexpectedly turns on when web camera is not in use
  • Monitor turns off while in use
  • Usernames and passwords for online accounts have been compromised
  • Unauthorized logins to bank accounts or unauthorized money transfers
  • Text based chat window appears on your computer’s desktop unexpectedly
  • Computer files become encrypted and ransom demand is made to unlock files

Now What?

The FBI suggests that owners of computers believed to be infected with this malware search the computer's hard drive for the following files, which are known to be present on Blackshades-infected computers:

  • dos_sock.bss
  • nir_cmd.bss
  • pws_cdk.bss
  • pws_chro.bss
  • pws_ff.bss
  • pws_mail.bss
  • pws_mess.bss

To check your computer, click the start menu and type each file name in the search field. If the search yields positive matches for one or more of these files, the computer may be infected with Blackshades.
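The same check can be scripted so that every local fixed drive is walked directly, hidden and system files included, with each match reported alongside its timestamps and SHA-256 hash. This is an added example, not code from the FBI or from the original article; it assumes Windows PowerShell 5.1 or later, and the function name `Find-IndicatorFile` is hypothetical.

```powershell
# Added example: sweep local fixed drives for the file names the FBI listed.
# A name match is a lead for further analysis, not proof of infection.
$IndicatorNames = @(
    'dos_sock.bss', 'nir_cmd.bss', 'pws_cdk.bss', 'pws_chro.bss',
    'pws_ff.bss', 'pws_mail.bss', 'pws_mess.bss'
)

function Find-IndicatorFile {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Default: root of every local fixed disk (DriveType 3), e.g. C:\
        [string[]]$Root = (Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3' |
                           ForEach-Object { $_.DeviceID + '\' }),
        [string[]]$Name = $IndicatorNames
    )

    foreach ($r in $Root) {
        # -Force includes hidden and system files; folders that cannot be
        # read are skipped quietly instead of aborting the sweep.
        Get-ChildItem -LiteralPath $r -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $Name -contains $_.Name } |   # -contains ignores case
            ForEach-Object {
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                     -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path        = $_.FullName
                    Length      = $_.Length
                    CreatedUtc  = $_.CreationTimeUtc
                    ModifiedUtc = $_.LastWriteTimeUtc
                    SHA256      = $hash.Hash   # empty if the file could not be read
                }
            }
    }
}

$hits = @(Find-IndicatorFile)
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) file(s) match the listed names."
    $hits | Format-List
} else {
    Write-Output 'No listed file names found on local fixed drives.'
}
```

Run it from an elevated prompt so fewer folders are skipped for lack of access. The recorded creation time and hash are useful details to include with a complaint or to hand to whoever examines the machine.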

The FBI encourages anyone who gets positive results to submit a complaint to the Internet Crime Complaint Center with the term “Blackshades” in the incident description section.

Better yet, stop using the computer. Unless you know exactly what you are doing, a RAT infected computer needs some intensive care from a trained professional.
