McAfee says nothing shady about Shady RAT


If you think the global cyber-espionage attacks in Shady RAT are hype, then you're "clueless" according to the man who discovered the attacks.

Threat research vice president Dmitri Alperovitch hit back at criticism that the attacks were hype and were standard fare for cyber security intrusions.

"If you think this is an unsophisticated botnet then you've got no clue, or you're not willing to talk about it," Alperovitch said.

"These were targeted compromises of a wide range of organisations, in every sector. These were very specific victims.

"It was not an automated attack. It had humans working at the ends and they adapt to a target's defences."

Seventy high-profile organisations like defence contractors, governments and enterprises fell victim to the attacks. Each was hit with social engineering attacks and various exploits, Alperovitch said.

Symantec noted that a trojan used in the attacks pointed to servers that hid commands within images. The malware was delivered by infected files exploiting software like Excel, Word and Adobe.

It said the attack was significant, but was "one of many similar attacks taking place daily".

"Is the attack described in Operation Shady RAT a truly advanced persistent threat? I would contend that it isn’t, especially when you consider the errors made in configuring the servers and the relatively non-sophisticated malware and techniques used in this case. Sure the people behind it are persistent but no more so than the myriad of other malware groups out there such as Zeus, Tidserv, and others like them," researcher Hon Lau said in a blog.

Alperovitch joked that the criticism was from security companies that "wished they had reported on [Shady RAT] first".

He declined to comment on speculation that the perpetrators of the allegedly state-sponsored attacks were based in China.

Analysis of the logs in Shady RAT uncovered that victims were:

  • 22 government agencies
  • 13 defence contractors
  • 12 communications firms
  • 12 non-profit think tanks
  • six engineering firms
  • four from private industry
  • 49 in the US
  • four in Canada
  • two each in Britain, Japan and Switzerland

Copyright © SC Magazine, Australia
