Sunday, September 5, 2010

Remote Administration Trojans (RATs)

Well, this is my third post focusing on security threats. This post concentrates on Remote Administration Trojans, "affectionately" called RATs.
A RAT, as the name suggests, is a Trojan analogous to a backdoor. The difference between RATs and backdoors is that, unlike backdoors, RATs are not viral in nature and do not propagate themselves.

What are RATs?
A RAT is a program that allows a person to remotely access and manage computers over the internet or across a local network. RATs may be either legitimate or malicious in nature; it depends entirely on the person who is remotely accessing the computers. A legitimate user employs a RAT to remotely fix user computers in a network, whereas a malicious person or intruder uses it to gain total control over a user's system.

What does a RAT do?
RATs can generally do the following:
  • Execute any application on the target Machine
  • Log keystrokes
  • Restart a target machine
  • Lock up a target machine
  • View the contents of any file in the target machine
  • Transfer files to or from the target machine
  • View, kill and start tasks in the task manager.

How do RATs work?

RATs mostly come in two components:

  • Server
  • Client

The intruder gets the server component onto the victim's machine by binding the installer to a legitimate program with a "binder". This way, while the legitimate program runs, the RAT works in the background without the user noticing it.

Ways Of Infection:

  • The hacker can break into the system and set up his own RAT.
  • Through the internet (the most common way), by exploiting vulnerabilities in ActiveX controls and other features of Internet Explorer.

Consequences Of RAT Infection:

  • The intruder can violate user privacy for years without the user even knowing it.
  • RATs can be used to view and disclose private, priceless information such as passwords, credit card details, web browsing habits, etc.
  • The hacker might eventually destroy the whole system in order to cover his tracks. This can be done by formatting the hard disk drives, so that all the files are unrecoverably erased.

Detection Of RATs:

  • By using Registry monitors.
  • Users should also check startup files like AUTOEXEC.BAT, WIN.INI, SYS.INI and CONFIG.SYS.
  • Watching TCP streams of a particular computer.
  • Using Intrusion Detection Systems (IDS).
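As an added example (not code from the original post), here is a small Python helper that implements two of the checks above offline: it parses `netstat -ano` and `tasklist` output to flag TCP streams held by processes that are not expected to be on the network, and it reads the `load=`/`run=` lines of the `[windows]` section of WIN.INI. All of the sample text (the netstat, tasklist and WIN.INI fragments) and the `EXPECTED_NETWORK_IMAGES` allow-list are constructed for the example and are assumptions, not data from the post.

```python
"""Offline RAT indicator checks: suspicious TCP streams and WIN.INI startup entries.
Added example; the sample output below is constructed, not captured from a real host."""
import re

# Constructed sample of `netstat -ano` output (Windows); the PID is the last column.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    192.168.1.10:49201     192.168.1.1:443        ESTABLISHED     2120
  TCP    192.168.1.10:49355     203.0.113.7:6667       ESTABLISHED     3412
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       3412
  UDP    0.0.0.0:500            *:*                                    1040
"""

# Constructed sample of `tasklist` output: image name, PID, session.
TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
svchost.exe                    880 Services                   0      8,120 K
firefox.exe                   2120 Console                    1    180,444 K
svchost.exe                   3412 Console                    1      4,012 K
lsass.exe                     1040 Services                   0      6,220 K
"""

# Constructed WIN.INI fragment; a non-empty run= or load= line is worth a look.
WIN_INI_SAMPLE = """\
[windows]
load=
run=C:\\WINDOWS\\system\\svchost.exe
NullPort=None
[fonts]
"""

# Hypothetical allow-list: images on this host that are expected to hold network streams.
EXPECTED_NETWORK_IMAGES = {"firefox.exe", "chrome.exe", "outlook.exe"}

# Proto, local, foreign, optional state (UDP rows have none), PID.
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(LISTENING|ESTABLISHED|CLOSE_WAIT|TIME_WAIT)?\s*(\d+)\s*$")


def parse_netstat(text):
    """Return a list of (proto, local, remote, state, pid) tuples from netstat -ano text."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append((proto, local, remote, state or "", int(pid)))
    return rows


def parse_tasklist(text):
    """Return {pid: image_name} from tasklist text (header and ruler lines are skipped)."""
    pids = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+\.exe)\s+(\d+)\s", line, re.IGNORECASE)
        if m:
            pids[int(m.group(2))] = m.group(1).lower()
    return pids


def remote_port(addr):
    """Port number of an 'ip:port' string, or None for wildcard addresses such as '*:*'."""
    _host, sep, port = addr.rpartition(":")
    return int(port) if sep and port.isdigit() else None


def suspicious_connections(netstat_text, tasklist_text, allowed=EXPECTED_NETWORK_IMAGES):
    """Flag established streams and high-port listeners owned by images not in the allow-list."""
    images = parse_tasklist(tasklist_text)
    findings = []
    for _proto, local, remote, state, pid in parse_netstat(netstat_text):
        image = images.get(pid, "<unknown>")
        if image in allowed:
            continue
        if state == "ESTABLISHED":
            findings.append(f"pid {pid} ({image}) established stream to {remote}")
        elif state == "LISTENING" and (remote_port(local) or 0) >= 1024:
            findings.append(f"pid {pid} ({image}) listening on high port {local}")
    return findings


def startup_entries(win_ini_text):
    """Return the non-empty load=/run= values from the [windows] section of WIN.INI."""
    entries, section = [], None
    for line in win_ini_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "windows" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() in ("load", "run") and value.strip():
                entries.append((key.strip().lower(), value.strip()))
    return entries


if __name__ == "__main__":
    for finding in suspicious_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("network:", finding)
    for key, value in startup_entries(WIN_INI_SAMPLE):
        print(f"win.ini: {key}={value}")
```

On a real host you would feed in the actual output of `netstat -ano` and `tasklist` and tune the allow-list to that machine. In the sample, the flagged process calls itself svchost.exe but runs in the interactive session, holds a stream to an IRC-style port and listens on a high port, and the WIN.INI `run=` entry points at a copy in `C:\WINDOWS\system` rather than `system32`; those are the mismatches to confirm against the real file path and digital signature before treating the process as a RAT and removing it.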

Removal of RATs:

  • Using effective Anti Virus solutions.
  • Using powerful anti-spyware solutions such as Microsoft Anti-Spyware Beta, Spyware Doctor, etc.
  • In some cases the above solutions fail to get rid of the RAT. In that case the user has to manually remove the registry entries belonging to the RAT.

Wednesday, August 18, 2010

ATM Malware

ATM users! Beware of the ATM malware!! Next time you use your ATM card, keep in mind that there is malware lurking around that could easily burn a large hole in your pocket.
A case has already been reported in which a Bank of America employee stole more than $200,000 from ATMs after installing the malware. Interestingly, there wasn't any record of the transactions.

The technique of the attack is indeed ingenious. The malware records the magnetic stripe information from the back of the card as well as the Personal Identification Number (PIN). When a special "master" card is inserted in the card slot, it launches a user interface and prints the collected data on the receipt roll; the data can also be written to the magnetic stripe on the back of the master card. Your card is then open for criminals to draw money from your bank account.

The dangerous thing is that this malware can spread from one ATM to other ATMs across the world through the ATM network. Have a look at the links below:
http://www.wired.com/threatlevel/2010/04/atm-hack/

http://www.computerworld.com/s/article/9134013/ATM_malware_spreading_around_the_world_researcher_says_?taxonomyId=17&intsrc=kc_top&taxonomyName=security

Wednesday, January 6, 2010

Security threat trends for 2010

Happy New Year 2010! 2009 was a very significant year in the field of computer science. We witnessed the launch of Microsoft's new OS, Windows 7. Thankfully for Microsoft, Windows 7 received good reviews and a good response from users. But there is a dark side looming over it. According to PandaLabs' forecast, as malware circulation continues to increase exponentially, there is a possibility of more malware being created for Windows 7. Here is the link to the detailed security threat forecast for the year 2010:
http://pandalabs.pandasecurity.com/computer-threat-trend-forecast-for-2010/

Saturday, February 28, 2009

New Build of Windows 7

Oops! Sorry for being late... I had my exams and then I had to participate in a tech fest, so I couldn't find any time to update my blog these past days.
Now that I have some respite from the exams, this post focuses on the new build of Windows 7 (Build 7022) that has been released by Microsoft. This build has the following features:

1. The RC1 of Internet Explorer 8 is now integrated.
2. Sample video and music tracks were added.
3. The design of the side panel was adjusted again.
4. New views of the Control Panel (Category, large icons and small icons).
5. A few minor changes to the design of Windows Media Player.
6. Through the "programs and functions" option you can now uninstall Media Center, Windows DVD Maker and Windows Media Player.

In addition to these changes, a Windows 7 theme is now available as a download for Nokia mobiles.

Wednesday, January 21, 2009

Installing Windows 7

Well, it has been some days since the Windows 7 beta became available for download. Just today I stumbled on a site offering important information on Windows 7 installation. Here's the link:
http://www.windows7.cc/beta-downloads/windows-7-installation-instructions/#more-145
Before installing the beta release, keep in mind that it is valid up to August 1, 2009. So install this release on a test computer, not on the personal PC you work on. Moreover, there is no technical support provided for this release, so if there's any problem you must sort it out yourself.

Sunday, January 4, 2009

Fix for Generic Host for Win32 Services error

This new year I made a resolution to fix all the problems that haunt my computer within the first 30 days of the year. Today I started with the most serious one.
I used to regularly encounter an error message which read like this:
"Generic Host Processes for Win32 services has encountered with a problem and needs to close"
This error message causes the following problems:
1. The XP taskbar changes into the Windows 98 style taskbar for a few seconds and then back to the XP taskbar again.
2. You try to disconnect from the internet, but the internet icon won't disappear.
3. Internet activity comes to a halt. The network icon shows the internet as connected, but no activity occurs. You must restart the computer to get internet activity working normally again.
This problem became so irritating that there was a time when I had to restart the computer 6 times in 2 hours. This problem would just drive you crazy.

After a month or so I finally found the solution to the problem. The solution goes like this:
1. Go to the START menu -> Run.
2. In the small box that opens, type regedit.exe and click the OK button. The Registry Editor will open.
3. In the left pane of the window, locate the following registry keys:
a. HKEY_LOCAL_MACHINE.
b. Expand that and locate SYSTEM.
c. Expand that key and locate CurrentControlSet.
d. Now locate the Services key.
e. Expanding the Services key shows a vast number of keys under it. Luckily they are in alphabetical order, so locate NetBT.
f. Within NetBT, locate the Parameters key.
4. Click the Parameters key; in the right pane you will find a value called TransportBindName. Double-click it and leave the data vacant, giving it a blank value.
5. Collapse all the keys and return to where you located HKEY_LOCAL_MACHINE.
6. Locate the SOFTWARE key.
7. Within that key, locate Microsoft.
8. Now locate the OLE key within it.
9. Click OLE; in the right pane you will find EnableDCOM. Its value is set to Y. Change it to N.
10. Close the Registry Editor, shut down Windows and restart the computer.
You have solved the problem! Happy Computing...
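As an added example (not part of the original post), here is a small Python audit that checks the two registry values changed by the steps above against the state the steps produce. It parses the text of a `reg export` (.reg) file rather than touching the live registry, so it runs on any machine; the two .reg texts below are constructed for the example, as is the `EXPECTED` table that encodes the post's target state. Two caveats worth knowing before applying the steps on a machine that serves files: blanking TransportBindName stops the SMB direct-host listener on TCP 445, and EnableDCOM=N turns DCOM off machine-wide, so file sharing and DCOM-dependent applications on that machine may stop working.

```python
"""Audit a .reg export for the TransportBindName / EnableDCOM settings described above.
Added example; the .reg texts are constructed, not exported from a real machine."""
import re

# Constructed `reg export` text of the two keys before the change (Windows defaults).
EXPORT_BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"
"EnableLMHOSTS"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
"EnableRemoteConnect"="N"
'''

# The same export after following steps 4 and 9 of the post.
EXPORT_AFTER = (EXPORT_BEFORE
                .replace(r'"TransportBindName"="\\Device\\"', '"TransportBindName"=""')
                .replace('"EnableDCOM"="Y"', '"EnableDCOM"="N"'))

# Target state taken from the steps above: (key path, value name) -> expected data.
EXPECTED = {
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters",
     "TransportBindName"): "",
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole", "EnableDCOM"): "N",
}

# "Name"=<data>; the name may contain \" and \\ escapes.
VALUE_LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Parse .reg text into {key_path_lower: {value_name_lower: data}}.
    Handles quoted REG_SZ data (with \\ and \" escapes) and dword:xxxxxxxx data;
    other types are kept as their raw right-hand side."""
    data, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = data.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_LINE_RE.match(line)
        if m is None or current is None:
            continue
        name, rhs = m.group(1).lower(), m.group(2)
        if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            value = re.sub(r'\\(.)', r'\1', rhs[1:-1])  # drop the escape backslashes
        elif rhs.lower().startswith("dword:"):
            value = int(rhs[6:], 16)
        else:
            value = rhs
        current[name] = value
    return data


def audit(text, expected=EXPECTED):
    """Return (key, value_name, current_data, expected_data, ok) for each expected value.
    A value that is absent from the export is reported with current_data None."""
    data = parse_reg_export(text)
    report = []
    for (key, name), want in expected.items():
        have = data.get(key.lower(), {}).get(name.lower())
        report.append((key, name, have, want, have == want))
    return report


if __name__ == "__main__":
    for label, text in (("before", EXPORT_BEFORE), ("after", EXPORT_AFTER)):
        print(label)
        for key, name, have, want, ok in audit(text):
            print(f"  {'OK ' if ok else 'BAD'} {name}: have {have!r}, want {want!r}")
```

To audit a real machine, export the two keys with `reg export` and read the files with `encoding="utf-16"` (the format Regedit writes) before passing the text to `audit`; the key path and value name comparisons are case-insensitive because the registry is.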

Saturday, January 3, 2009

Skip Vista and Jump to Windows 7 ?

I stumbled onto the pcworld.in site and found several reasons why you should skip Vista and jump to Windows 7 if you are still using XP and are thinking of upgrading your OS...
Here's the link to that article. Have a look:

http://www.pcworld.in/india/columns/5800115/Soham_Raninga/TechTonicShould_you_Skip_Vista_and_Jump_to_Windows_70