The same DarkComet RAT is used, but it's served with the aid of another piece of malware

Apr 6, 2012 08:25 GMT

The Electronic Frontier Foundation (EFF) has warned Syrian activists to be on the lookout for malicious elements that target their Facebook and YouTube login credentials. Now the organization warns them about pieces of malware that spread the remote administration tool known as DarkComet.

At the beginning of March, Trend Micro experts detailed how the malware infects computers, but according to the EFF, a new sample was spotted on March 21.

This version is also sent via Skype, but unlike the previous variant, it is designed to bear the icon of a PDF document.

Once the file is executed, a genuine document is displayed, but two additional files are also dropped in the operating system’s Temp folder.

Unfortunately, not many antivirus products detect this newer variant of the malware, but it can be removed using a tool called DarkComet Remover, offered by the developers of the DarkComet RAT.
