RAT stands for Remote Access Trojan or Remote Administration Tool. It is one of the most dangerous virus out there over the internet. Hacker can use RAT to get complete control to your computer. He can do basically anything with your computer. Using RAT hacker can install keylogger and other malicious viruses remotely to your computer, infect files on your system and more. In this post i will tell you about what hacker can do with your computer using RAT and tell you about some commonly use RAT by hackers.
What is a RAT ?
As i have told you in my introduction paragraph RAT is Remote Access trojan. It is a peace of software or program which hacker uses to get complete control of your computer. It can be sent to you in the form of images, videos or any other files. There are some RAT that even your antivirus software can not detect. So always be sure about what you are downloading from the internet and never save or download files that anonymous users send you over the mail or in the chat room.What You Can do With RAT?
Once a RAT is installed on any computer hacker can do almost anything with that computer. Some malicious task that you can do with RAT are listed below:
Intruders intentionally keep limited-function Trojans small (10KB to 30KB) so that they can quickly activate the programs without being noticed. These Trojans often function as keystroke loggers, storing each keystroke the exploited user makes in a hidden file that the intruder can download remotely and analyze later. Other Trojans install themselves as FTP, Web, or chat servers and steal computing resources. Intruders use some small RATs solely to secure the hard-to-get initial remote access to a host so that they can later upload and install a larger, more powerful RAT at a time when they are less likely to get noticed.
Type the keywords Remote Access Trojan into any Internet search engine. When you do, you'll find hundreds of RATs—so many that most Trojan Web sites sort them alphabetically, with dozens to more than a hundred per alphabetic letter. Let's take a brief look at two of the most popular RATs: Back Orifice and SubSeven.
Harmless RAT or Good RAT
As you have seen how harmfull RAT is for your computer, but there are some good RAT which some of you might be using daily. You might have heard of TeamViewer, it is a software which you use to control some one's computer with his permission for file transfer, sharing your screen and more.
The best anti-malware weapon is an up-to-date, proven antivirus scanner. Scanners detect most RATs and automate the removal process as much as possible. Many security administrators rely on Trojan-specific tools to detect and remove RATs, but you can't trust some of these products any more than you trust the Trojans themselves. Agnitum's Tauscan, however, is a top Trojan scanner that has proved its efficiency over the years.
A clear clue to RAT infection is an unexpected open IP port on the suspected machine, especially if the port number matches a known Trojan port. When you suspect that a PC has been infected, disconnect the PC from the Internet so that the remote intruder can't detect the security probe and initiate more damage. Using the Task List, close all running programs that connect to the Internet (e.g., email, Instant Messaging—IM—clients). Close all programs running from the system tray. Don't boot to safe mode because doing so often prevents the Trojan from loading into memory, thus defeating the purpose of the test.
- Infecting Files
- Installing Keyloggers
- Controlling Computer
- Remotely start webcam, sounds, movies etc
- Using your PC to attack Website (DDOS)
- View Screen
Types of RATs
The most popular RATs, such as Back Orifice or SubSeven, are all-in-one intruder toolshops that do everything—capture screen, sound, and video content. These Trojans are key loggers, remote controllers, FTP servers, HTTP servers, Telnet servers, and password finders. Intruders can configure the IP port the RATs listen on, how the RATs execute, and whether the RATs contact the originator by using email, Internet Relay Chat (IRC), or another chat mechanism. The more malicious RATs contain rogue mechanisms that hide the Trojans from prying eyes, encrypt communications, and contain professional-looking APIs so that other intruder developers can insert additional functionality. These RATs' aggressive functionality makes them larger—often 100KB to 300KB—and somewhat riskier for the intruder to install without anyone noticing.Intruders intentionally keep limited-function Trojans small (10KB to 30KB) so that they can quickly activate the programs without being noticed. These Trojans often function as keystroke loggers, storing each keystroke the exploited user makes in a hidden file that the intruder can download remotely and analyze later. Other Trojans install themselves as FTP, Web, or chat servers and steal computing resources. Intruders use some small RATs solely to secure the hard-to-get initial remote access to a host so that they can later upload and install a larger, more powerful RAT at a time when they are less likely to get noticed.
Type the keywords Remote Access Trojan into any Internet search engine. When you do, you'll find hundreds of RATs—so many that most Trojan Web sites sort them alphabetically, with dozens to more than a hundred per alphabetic letter. Let's take a brief look at two of the most popular RATs: Back Orifice and SubSeven.
Harmless RAT or Good RAT
As you have seen how harmfull RAT is for your computer, but there are some good RAT which some of you might be using daily. You might have heard of TeamViewer, it is a software which you use to control some one's computer with his permission for file transfer, sharing your screen and more.
Some Commonly Used RAT
- ProRAT
- CyberGate RAT
- DarkComet RAT
Detecting and Removing RATs
If a computer virus or email worm has ever infected your company, the company is a prime candidate for a RAT. Typical antivirus scanners are less likely to detect RATs than worms or viruses because of binders and intruder encryption routines. Also, RATs have the potential to cause significantly more damage than a worm or virus can cause. Finding and eradicating RATs should be a systems administrator's top priority.The best anti-malware weapon is an up-to-date, proven antivirus scanner. Scanners detect most RATs and automate the removal process as much as possible. Many security administrators rely on Trojan-specific tools to detect and remove RATs, but you can't trust some of these products any more than you trust the Trojans themselves. Agnitum's Tauscan, however, is a top Trojan scanner that has proved its efficiency over the years.
A clear clue to RAT infection is an unexpected open IP port on the suspected machine, especially if the port number matches a known Trojan port. When you suspect that a PC has been infected, disconnect the PC from the Internet so that the remote intruder can't detect the security probe and initiate more damage. Using the Task List, close all running programs that connect to the Internet (e.g., email, Instant Messaging—IM—clients). Close all programs running from the system tray. Don't boot to safe mode because doing so often prevents the Trojan from loading into memory, thus defeating the purpose of the test.
Post a Comment
Post a Comment