BlackShades Malware – What is it and Should I be Worried?


Well, here we go again: a new threat to personal privacy and another way for people to gain total access to your computer. Only this one’s slightly different because it’s a completely legal product.

So what is it and why is it legal? Blackshades is a program called a “Remote Access Tool” or RAT for short. Surprisingly fitting acronym, I must say. These programs exist to allow employers to remotely access their employees’ computers and install things on them from another location, and are generally used as a tool to help the IT team. It’s like Microsoft’s TeamViewer, only it doesn’t need to ask you for permission to use the computer; it just takes over once it’s installed.

Now this does sound like a good idea for a product.  It increases IT efficiency and enables IT people or management to remotely operate company computers if they are off site. The product is completely legal and has actual uses for certain companies/people.

Where it gets illegal is some of the malicious uses it can have. Blackshades can be customized to each user’s individual needs. This allows people with little to no technical knowledge of the software to easily use it for nefarious purposes. Blackshades allows you to completely control another computer, and if it’s installed on your computer somehow (usually through email attachments or other means) it would give the user access to everything. It can be used to control webcams, view files, record keystrokes, control the mouse and keyboard and pretty much anything else you can imagine. It gives another person total access to your PC.

Now this all sounds very scary, and it is, but the FBI is taking care of it. The perpetrators are being arrested worldwide (somewhere around 100 people so far; sources disagree on the exact number). Blackshades’ website has been shut down, the servers running the service shut off, and the owners of the software are being investigated. It is being taken care of, but it brings up the question of how bad this situation actually is.

Thankfully it could have been quite a bit worse. Don’t get me wrong, estimates place about 500 000 computers being affected worldwide, and each of these cases has disastrous potential. But it could have been worse. In the grand scheme of things 500 000 computers is nothing. According to mapsofworld.com there are approximately 310.6 million PCs in use in the USA alone. So let’s do a tiny bit of math. According to Symantec only 37% of the computers affected were American. 37% of 500 000 is 185 000, and there are 310.6 million personal computers in the USA. So ~0.0006% of PCs in America were affected. For some perspective, 0.000333 are your odds of being struck by lightning.

The amount of terrible luck you would need to be affected by BlackShades is incredible.

To close this all off, some people were extorted into paying to regain access to their files, some people had their usernames and passwords stolen, and some people had their webcams remotely turned on without them knowing. The consequences of being targeted by someone using BlackShades can be terrible, and for all intents and purposes please, please follow the FBI’s instructions on how to check if you’ve been affected. But the odds of your computer being targeted are minuscule and the people using the software are being dealt with. This could have been much worse than it is.

 

By: Michael Kachaniwsky

Sai Kit Chu
Sai Kit Chu is a Product Manager with CurrentWare. He enjoys helping businesses improve their employee productivity & data loss prevention efforts through the deployment of the CurrentWare solutions.