Hacker whose DarkComet virus infected thousands of computers around the world was detained in Ukraine

The Carpathian Cyber Police closed in on a hacker who managed to infect thousands of computers with the DarkComet virus in 50 countries. The modified virus was created for remote access and control of the victim’s computer.

Criminal proceedings were initiated under part 2 of Article 361 of the Criminal Code of Ukraine (computer hacking) and part 1 of Article 361-1 (creation and distribution of harmful software).

During the investigation, the Cyber Police officers closed in on a 42-year-old resident of the Lviv region, who installed a Trojan control center on his own computer and modified it. The hacker's place of residence was searched, and a laptop with the virus and a PC were seized. During the inspection of the devices, they found an admin panel for access to infected computers, installation files of the virus, and screenshots from the controlled computers.

The department reported that DarkComet provides full remote access to controlled computers, in particular the ability to upload and download files, manage startup (autoload) entries and services, take screenshots, and intercept microphone audio and video from cameras. It also has a keylogger (keystroke monitoring), a clipboard monitor, network utilities, and the ability to shut down and restart a remote computer.

The Cyber Police recommends checking your own computers, despite the small number of computers that have been infected (about 2000). To do this on Windows computers, you need to open the cmd console and enter the command that lists active network connections: netstat -nao.

If you see a connection to host and port 1604 or 81 in the list of connections, the computer is infected.
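
The check described above can be automated. The following Python script is an added example, not part of the original report or of any Cyber Police tooling: it parses netstat -nao output and reports only TCP rows whose remote port is exactly 1604 or 81, together with the owning PID. The sample output and its addresses are constructed for illustration.

```python
import sys

# Ports named in the Cyber Police advice above.
SUSPECT_PORTS = {1604, 81}

# Constructed sample of `netstat -nao` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:49712     203.0.113.25:1604      ESTABLISHED     4312
  TCP    192.168.1.10:8100      198.51.100.7:443       ESTABLISHED     2210
  TCP    192.168.1.10:49800     198.51.100.9:8181      ESTABLISHED     2210
  TCP    192.168.1.10:49801     203.0.113.40:81        SYN_SENT        5120
  TCP    [::]:81                [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)


def find_suspect_connections(netstat_text, ports=frozenset(SUSPECT_PORTS)):
    """Return TCP rows whose remote (foreign) port is one of `ports`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, foreign, state, pid = fields
        remote_addr, remote_port = split_endpoint(foreign)
        # Exact match on the remote port only: a local port 8100 or a remote
        # port 8181 must not match "81", and listeners have remote port 0.
        if remote_port in ports and pid.isdigit():
            hits.append({"local": local, "remote": remote_addr,
                         "port": remote_port, "state": state, "pid": int(pid)})
    return hits


if __name__ == "__main__":
    # Pipe real output in (netstat -nao | python this_script.py) or run as-is.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for hit in find_suspect_connections(text):
        print("{remote}:{port} {state} PID {pid}".format(**hit))
```

Each reported PID can be matched to a running program with tasklist or Task Manager to see which process owns the connection.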