Into the Darknet: What is MTV?

This week we relaunch our "Into the Darknet" blog series, which will not only provide a better understanding of the darknet's history, users, uses and purpose, but will also take an in-depth look at other hot topics in DARKINT and cybersecurity, including malware, toolkits, viruses, cryptocurrency, marketplaces and OPSEC.


In this post, we take a high-level look at malware, toolkits and viruses (MTV), as they are some of the most commonly discussed, released and exchanged tools on the darknet.

Our analysts have adopted the term "MTV" to refer generally to a collection of malware, toolkits and viruses that are used to test, penetrate, exploit or compromise personal or commercial information systems and data. Common systems where MTV could be employed include desktop computers, laptops, servers, network devices, routers, firewalls, printers, WiFi adapters, tablets and smartphones.


What is MTV?

MTV is, and includes, any type of software code used either for good (information assurance) or bad (malicious) purposes, such as: Bots, Password Crackers, Rootkits, Adware, Backdoor Access, Keyloggers, Ransomware and Remote Access Trojans.

The average hacker will have some or all of these handy in his or her arsenal of tools to use against targeted information systems and will often utilize a variety of MTV in a full-fledged attack, depending on the intent of the operation.

Both penetration testing and risk analysis activities, like those conducted by the OWL Cybersecurity teams, utilize these MTV tools for preventative purposes, to detect security holes which could lead to a compromised network. For example, THC Hydra (an open-source password cracking tool) can be used to test the strength of users' passwords on private or commercial networks.

Malicious hackers, cyber spies and cyber criminals, however, can easily use this same code to exploit user accounts with weak credentials.

Type of MTV and description

Bot
Code installed on a compromised computer, enslaving the system to a master botnet owner, who controls the now-zombie machine, along with hundreds or thousands of other infected systems, to conduct large-scale attacks.

Password Cracker
While a password protects a computer from unauthorized access, a password cracker is code designed to intelligently guess or recover a password in order to gain access to a targeted system. Common open source password crackers include Brutus and John the Ripper.

Rootkit
A clandestine computer program designed to provide continued administrative access to a computer while actively concealing its presence, burying itself deep within the system. Famous rootkit malware includes Flame and Zeus.

Adware
Computer code designed to influence the user’s internet browsing experience by displaying specific advertising content. Malicious versions of adware incorporate spyware, which collects and disseminates a user’s personal information, passwords and browsing history.

Backdoor
An undocumented method of obtaining access to a computer information system from a remote location. Some backdoors are intentionally installed by developers for debugging and troubleshooting purposes, while others are installed by MTV developers to maintain persistent, unauthorized access.

Keylogger
A covert tool used to record the keystrokes of a user of a computer information system, often to gain unauthorized access to the personal information, usernames and passwords those keystrokes contain. Keyloggers exist in both software and hardware implementations. Popular open source keyloggers include REFOG and Revealer.

Ransomware
Malicious code used to block access to a computer information system, or to the data contained on it, for the purpose of financial gain. The most destructive form of MTV, ransomware employed in 2016 includes Cerber, Locky and CryptoWall.

Remote Access Trojan
Software used for precise, malicious operation, a remote access trojan (RAT) provides complete control over a remote computer information system. These are the most difficult to detect, as RATs often mimic legitimate commercial remote administration tools. Common RATs used for malicious purposes include Sakula, Dark Comet and Havex.

A brief history of MTV

The first example of malware debuted in the early 1980s, piggybacking on a video game, displaying the now-infamous Elk Cloner poem and corrupting the Apple boot sector.

It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!

It will stick to you like glue
It will modify ram too

Send in the Cloner!
— Elk Cloner Poem

In the late 1990s and early 2000s, both the MTV market and the hacker community exploded with the propagation of the internet, aggressive social engineering tactics and the exploitation of spam emails for malware distribution.

By the mid-to-late 2000s, malware like Conficker and Sinowal demonstrated how aggressively a virus can spread, and remote command and control, enabled via clandestine communication and package concealment, was born.

As antivirus companies grew to counter these emerging threats, the hacker community accepted the challenge and created even more sophisticated and harder-to-detect MTV.

Accessing valuable protected information

As society has become more dependent on online activity, our digital footprints, or online presences, have expanded. A lucrative market for the trade in this information exists on the darknet, with high value placed on personally identifiable information (PII), among other bits of data.

Malicious hackers and cyber criminals require a variety of MTV tools, such as network discovery tools, password crackers and backdoor access programs, in order to gain unauthorized access to key systems containing this valuable data.

These attackers establish a persistent presence via advanced persistent threats (APT) and remote access tools (RAT) to evade detection - and circumvent any IT security measures in place to stop them.

Once connections are established and secured, hackers launch automated data mining programs to harvest valuable information, like PII, and send it to a remote server for final dissemination or leverage. 


Up next in "Into the Darknet"

In our next post, we will take a look at the "who" behind the development of MTV, and, through our unique DARKINT, get to know some of the known, key actors of the darknet.