Hello and welcome to the Thursday, November 3, 2020 edition of the Santernate Storm Center's Stormcast.

My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

Brad's diary from today goes a little bit of different route than what he usually does.

He's not looking at sort of one specific infection,

but really more looking at how a particular tool,

dark VNC, evolved over time.

Now, first time that Pratt was able to find,

or the earliest sample that Pratt was able to find is sort of from the 2012-2013

time frame, but then he hasn't seen it much sort of just occasionally until sort of mid-2021,

when it sort of really showed up much more common.

You're probably familiar with the tool VNC, the virtual network computing, which is a remote admin

tool, legitimate tool, often, of course, abused.

But that's not what we talk about here.

Dark VNC or another variant, sometimes called hidden VNC, essentially uses the same sort of network

protocol and capabilities.

So from an attacker's point of view, it looks very similar, but it removes some of the

indicators that a user may see of this tool running on their system.

That, of course, makes it ideal for malicious remote access to a system

and Brad is going over some of the network traffic patterns that you may see if a system is

infected with dark VNC, VNC, hidden VNC, the network traffic for all these tools looks somewhat similar.

Well, I haven't really seen a lot of sort of news articles reporting about the open source

security foundation, finally releasing version 1.0, so the general availability release of Sixth Store.

...