Malware in this family consists of DarkComet, a program designed for remotely controlling or administering a victim computer. The connection parameters are encrypted in the program’s executable.
The program performs the following functions:
- Obtaining information about the infected computer.
- Controlling processes.
- Interpreting commands sent remotely.
- Obtaining a list of windows.
- Providing remote desktop access.
- Deleting programs.
- Managing system services.
- Modifying the system registry.
- Modifying files via the built-in file manager.
- Capturing video and audio from a webcam or microphone.
- Saving keystrokes to a file (keystroke information is not encrypted and is stored in the folder %APPDATA%\dclogs in files with the name format YY-MM-DD.dc).
- Acting as a SOCKS proxy server.
- Redirecting IP addresses and ports.
- Capturing clipboard contents.
- Shutting off and restarting the operating system.
- Downloading, sending, and running files.
- Sending keystroke logs to a remote FTP server.
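A triage check for the keystroke-log artifact listed above, as an added example that is not part of the original description: it walks a directory of user profiles (a live `C:\Users` or a mounted disk image) and reports every file under `AppData\Roaming\dclogs`, flagging those whose names fit the YY-MM-DD.dc format. The function name `find_dclogs`, the profile layout and the `AppData\Roaming` expansion of %APPDATA% are assumptions of this example.

```python
import re
from datetime import datetime
from pathlib import Path

# Name format as stated in the description above: YY-MM-DD.dc
LOG_NAME = re.compile(r"^\d{2}-\d{2}-\d{2}\.dc$", re.IGNORECASE)
# Assumption: %APPDATA% resolves to <profile>\AppData\Roaming (Windows Vista and later)
APPDATA_REL = Path("AppData") / "Roaming"


def find_dclogs(users_root):
    """Return one finding per file in <profile>/AppData/Roaming/dclogs."""
    findings = []
    root = Path(users_root)
    if not root.is_dir():
        return findings
    for profile in sorted(root.iterdir()):
        log_dir = profile / APPDATA_REL / "dclogs"
        try:
            entries = sorted(e for e in log_dir.iterdir() if e.is_file())
        except OSError:
            continue  # no dclogs folder here, or the profile is unreadable
        for entry in entries:
            day = None
            if LOG_NAME.match(entry.name):
                try:
                    day = datetime.strptime(entry.stem, "%y-%m-%d").date()
                except ValueError:
                    pass  # right shape, but not a real calendar date
            findings.append({
                "profile": profile.name,
                "path": str(entry),
                "name_matches": day is not None,  # fits YY-MM-DD.dc
                "log_date": day,
                "size": entry.stat().st_size,
            })
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Users"
    for f in find_dclogs(target):
        flag = "MATCH" if f["name_matches"] else "other"
        print(flag, f["profile"], f["path"], f["log_date"], f["size"])
```

On a mounted image with a case-sensitive filesystem driver, the directory names must match the case used here.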
Top 10 countries with most attacked users (% of total attacks)
||% of users attacked worldwide*
||United Arab Emirates
* Percentage among all unique Kaspersky users worldwide who were attacked by this malware