The Ukrainian cyber police have busted a resident of Lviv region who infected almost 2,000 computers in over 50 countries with malware.
“Cyber police officers conducting a pretrial investigation uncovered a crime committed by a 42-year-old resident of Lviv region. The man installed a Trojan virus administration program on his computer and modified it to send out client versions of the virus,” the press service of the Ukrainian National Police said on the morning of Nov. 23.
Cyber police specialists analyzed the malware and established that the virus provided full remote access to computers, including “the possibility of downloading and uploading files, managing autoloading and services, remotely administering the register, installing and uninstalling programs, taking screenshots of a remote computer, and intercepting the sound coming through the microphone and videos from built-in and external cameras.”
In addition, the DarkComet virus contained a keylogger (for recording which keys are pressed), a communication buffer monitoring component, a package of network utility tools, and a mechanism for remotely turning off and restarting the infected computer. The program used back-connect: the client on the infected computer initiated the connection to the administering PC.
The suspect’s residence was searched. The police seized a laptop infected with the malware and a PC. Cyber police specialists conducted a preliminary examination of the hardware and found a panel administering access to infected computers, malware installation files, and screenshots from administered computers. The hardware was taken for a technical examination.
Ukrainian cyber police suggested that users screen their devices for the virus.