Sunday, September 5, 2010

Remote Administration Trojans (RATs)

This is my third post focusing on security threats. It concentrates on Remote Administration Trojans, "affectionately" called RATs.
A RAT, as the name suggests, is a Trojan that is analogous to a backdoor. The difference between RATs and backdoors is that, unlike backdoors, RATs are not viral in nature and do not propagate themselves.

What are RATs?
A RAT is a program that allows a person to remotely access and manage computers over the internet or across a local network. RATs may be either legitimate or malicious in nature; it depends entirely on the person who remotely accesses the computers. A 'legitimate' person uses RATs to remotely fix user computers in a network, whereas a 'malicious' person or intruder would use one to gain total control over a user's system.

What Does a RAT Do?
RATs can generally do the following:
  • Execute any application on the target machine
  • Log keystrokes
  • Restart a target machine
  • Lock up a target machine
  • View the contents of any file in the target machine
  • Transfer files to or from the target machine
  • View, kill and start tasks in the task manager

How Do RATs Work?

RATs mostly come in two components:

  • Server
  • Client

The intruder launches the server program on the victim's machine by binding the installing component to a legitimate program using a binder. This way, while the legitimate program runs, the RAT works in the background without the user even noticing it.

Ways Of Infection:

  • The hacker can break into the system and set up his own RAT.
  • Through the internet (the most common way), by exploiting vulnerabilities in ActiveX controls and other features of Internet Explorer (IE).

Consequences Of RAT Infection:

  • The intruder can violate user privacy for years without the user even knowing it.
  • RATs can be used to view and disclose priceless private information such as passwords, credit card details, web browsing habits, etc.
  • The hacker might eventually destroy the whole system in order to cover his tracks. This can be done by formatting the hard disk drives, which erases all the files irrecoverably.

Detection Of RATs:

  • By using Registry monitors.
  • Users should also check startup files like AUTOEXEC.BAT, WIN.INI, SYS.INI and CONFIG.SYS.
  • Watching TCP streams of a particular computer.
  • Using Intrusion Detection Systems (IDS).
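
The startup-file check from the list above, as an added example that is not part of the original post: it scans INI text for the legacy autostart keys (`load=` and `run=` under `[windows]` in WIN.INI, `shell=` under `[boot]` in SYSTEM.INI) and reports any value that is not the normal one. The function name `audit_ini` and the sample file contents are constructed for illustration.

```python
import re

# Legacy Windows autostart keys: (section, key) -> value considered normal.
# None means the key is normally empty. The [boot] shell= entry lives in
# SYSTEM.INI; load= and run= live in the [windows] section of WIN.INI.
AUTOSTART_KEYS = {
    ("windows", "load"): None,
    ("windows", "run"): None,
    ("boot", "shell"): "explorer.exe",
}

# Constructed sample files, not taken from a real machine.
SAMPLE_WIN_INI = r"""
; constructed sample
[windows]
load=
run=C:\WINDOWS\TEMP\updsvc.exe
[Desktop]
Wallpaper=(None)
"""
SAMPLE_SYSTEM_INI = r"""
[boot]
shell=Explorer.exe C:\WINDOWS\msrv32.exe
"""

def audit_ini(text):
    """Return (section, key, value) for autostart entries that need review."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or (section, key) not in AUTOSTART_KEYS:
            continue
        normal = AUTOSTART_KEYS[(section, key)] or ""
        if value and value.lower() != normal:
            findings.append((section, key, value))
    return findings

if __name__ == "__main__":
    for name, text in (("WIN.INI", SAMPLE_WIN_INI), ("SYSTEM.INI", SAMPLE_SYSTEM_INI)):
        for section, key, value in audit_ini(text):
            print(f"{name}: [{section}] {key}={value}")
```

A flagged entry is a prompt for review rather than proof of infection, since some legitimate software also used these keys.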

Removal of RATs:

  • Using effective anti-virus solutions.
  • Using powerful anti-spyware solutions such as Microsoft Anti-Spyware Beta, Spyware Doctor, etc.
  • In some cases the above solutions can fail to get rid of the RAT. In that case, the user should manually remove the registry entries belonging to the RAT.

1 comment:

bcdalai said...

Good post.

@bcdalai2020