RAT stands for Remote Access Trojan or Remote Administration Tool. It is one of the most dangerous viruses on the internet. Hackers can use it to get complete control of your computer. With it, they can do basically anything with your system.
Using a RAT, a hacker can remotely install keyloggers and other malicious viruses on your computer, infect files on your system, and more. In this post, we will learn what hackers can do with your computer using a RAT and what some of its common uses by hackers are.
What is a RAT?
It is a piece of software that a hacker uses to get complete control of your computer. It can be sent to you disguised as an image, a video or any other file. There are some RATs that even your antivirus software can’t detect. So always be sure about whatever you are downloading from the internet, and never save or download files that anonymous users send you by mail or in a chat room.
What can be done with a RAT?
Once a RAT is installed on a computer, a hacker can do almost anything with that computer. Some of the malicious tasks that can be done with it are listed below:
- Infecting Files
- Installing Keyloggers
- Controlling Computer
- Remotely starting the webcam, sounds, movies, etc.
- Using your PC to attack websites (DDoS)
- Viewing the screen
Types of RATs
- The most popular RATs, such as Back Orifice or SubSeven, are all-in-one intruder tool shops that do everything—capture screen, sound, and video content. These Trojans are key loggers, remote controllers, FTP servers, HTTP servers, Telnet servers, and password finders.
- Intruders can configure the IP port the RATs listen on, how the RATs execute, and whether the RATs contact the originator by using email, Internet Relay Chat (IRC), or another chat mechanism.
- Intruders intentionally keep limited-function Trojans small (10KB to 30KB) so that they can quickly activate the programs without being noticed. These Trojans often function as keystroke loggers, storing each keystroke the exploited user makes in a hidden file that the intruder can download remotely and analyze later.
Harmless remote access trojans
- You have seen how harmful a RAT can be for your computer, but there are also some good RATs, which some of you might be using daily. You might have heard of TeamViewer, software that you use to control someone’s computer with their permission for file transfer, screen sharing and more.
Other Trojans install themselves as FTP, Web, or chat servers and steal computing resources. Intruders use some small RATs solely to secure the hard-to-get initial remote access to a host so that they can later upload and install a larger, more powerful RAT at a time when they are less likely to get noticed.
Some Commonly Used RAT
- CyberGate RAT
- DarkComet RAT
Detecting and Removing RATs
If a computer virus or email worm has ever infected your company, the company is a prime candidate for a RAT. Typical antivirus scanners are less likely to detect RATs than worms or viruses because of binders and intruder encryption routines. Also, RATs have the potential to cause significantly more damage than a worm or virus can cause. Finding and eradicating RATs should be a systems administrator’s top priority.
The best anti-malware weapon is an up-to-date, proven antivirus scanner. Scanners detect most Trojans and automate the removal process as much as possible. Many security administrators rely on Trojan-specific tools to detect and remove RATs, but you can’t trust some of these products any more than you trust the Trojans themselves. Agnitum’s Tauscan, however, is a top Trojan scanner that has proved its efficiency over the years.
A clear clue to RAT infection is an unexpected open IP port on the suspected machine, especially if the port number matches a known Trojan port. When you suspect that a PC has been infected, disconnect the PC from the Internet so that the remote intruder can’t detect the security probe and initiate more damage. Using the Task List, close all running programs that connect to the Internet (e.g., email or Instant Messaging (IM) clients). Close all programs running from the system tray. Don’t boot to safe mode because doing so often prevents the Trojan from loading into memory, thus defeating the purpose of the test.
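The open-port check described above can be scripted. The following is an added example, not code from the original article: it parses `netstat -ano` output and flags listeners that match the widely documented default ports of the two RATs named on this page, plus any listener outside an expected baseline, since intruders can change the port. The baseline set and the sample output are assumptions constructed for illustration.

```python
# Added example: triage listening ports from `netstat -ano` output.
# Default ports below are the widely documented defaults for the two RATs
# named on this page; intruders can change them, so anything outside the
# expected baseline is reported as well.
KNOWN_RAT_PORTS = {("UDP", 31337): "Back Orifice (default)",
                   ("TCP", 27374): "SubSeven (default)"}

# Assumption: ports this particular PC is expected to have open.
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 123)}

# Constructed sample output, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       2288
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3100
  TCP    [::]:5000              [::]:0                 LISTENING       1840
  UDP    0.0.0.0:123            *:*                                    1044
  UDP    0.0.0.0:31337          *:*                                    2316
"""

def listening_sockets(netstat_text):
    """Yield (proto, port, pid) for TCP listeners and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so they have 4 fields, not 5.
        if f[0] == "TCP" and (len(f) < 5 or f[3] != "LISTENING"):
            continue
        port = int(f[1].rsplit(":", 1)[1])   # rsplit copes with [::]:5000
        yield f[0], port, int(f[-1])

def triage(netstat_text):
    """Return findings as (severity, proto, port, pid, note), worst first."""
    findings = []
    for proto, port, pid in listening_sockets(netstat_text):
        key = (proto, port)
        if key in KNOWN_RAT_PORTS:
            findings.append(("HIGH", proto, port, pid, KNOWN_RAT_PORTS[key]))
        elif key not in EXPECTED:
            findings.append(("REVIEW", proto, port, pid, "not in expected baseline"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

The PID in each finding lets you match a flagged port to a process in the task list before deciding what to terminate or scan.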
Type the keywords Remote Access Trojan into any Internet search engine. When you do, you’ll find hundreds of RATs—so many that most Trojan Web sites sort them alphabetically, with dozens to more than a hundred per alphabetic letter. Let’s take a brief look at two of the most popular RATs: Back Orifice and SubSeven.