You are viewing our Forum Archives. To view or take place in current topics click here.
What is an R.A.T [INFORMATION]
SprinxzDvar
  • Resident Elite
Status: Offline
Joined: May 23, 2012 (11 Year Member)
Posts: 224
Reputation Power: 8
What is a RAT (remote access Trojan)?
A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.

Because a RAT enables administrative control, it makes it possible for the intruder to do just about anything on the targeted computer, including:

Monitoring user behavior through keyloggers or other spyware.
Accessing confidential information, such as credit card and social security numbers.
Activating a system's webcam and recording video.
Taking screenshots.
Distributing viruses and other malware.
Formatting drives.
Deleting, downloading or altering files and file systems.

The Back Orifice rootkit is one of the best known examples of a RAT. A hacker group known as the Cult of the Dead Cow created Back Orifice to expose the security deficiencies of Microsoft's Windows operating systems.

RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss.

To protect your system from RATs, follow the same procedures you use to prevent other malware infections: Keep antivirus software up to date and refrain from downloading programs or opening attachments that aren't from a trusted source. At the administrative level, it's always a good idea to block unused ports, turn off unused services and monitor outgoing traffic.


Types of RATs

The most popular RATs, such as Back Orifice or SubSeven, are all-in-one intruder toolshops that do everything -- capture screen, sound, and video content. These Trojans are key loggers, remote controllers, FTP servers, HTTP servers, Telnet servers, and password finders. Intruders can configure the IP port the RATs listen on, how the RATs execute, and whether the RATs contact the originator by using email, Internet Relay Chat (IRC), or another chat mechanism. The more malicious RATs contain rogue mechanisms that hide the Trojans from prying eyes, encrypt communications, and contain professional-looking APIs so that other intruder developers can insert additional functionality. These RATs' aggressive functionality makes them larger -- often 100KB to 300KB -- and somewhat riskier for the intruder to install without anyone noticing.
Intruders intentionally keep limited-function Trojans small (10KB to 30KB) so that they can quickly activate the programs without being noticed. These Trojans often function as keystroke loggers, storing each keystroke the exploited user makes in a hidden file that the intruder can download remotely and analyze later. Other Trojans install themselves as FTP, Web, or chat servers and steal computing resources. Intruders use some small RATs solely to secure the hard-to-get initial remote access to a host so that they can later upload and install a larger, more powerful RAT at a time when they are less likely to get noticed.
Type the keywords Remote Access Trojan into any Internet search engine. When you do, you'll find hundreds of RATs -- so many that most Trojan Web sites sort them alphabetically, with dozens to more than a hundred per alphabetic letter. Let's take a brief look at two of the most popular RATs: Back Orifice and SubSeven.

How to get rid of a R.A.T?

1. First you need to ensure you have a decent antivirus (free ones are fine)
#Good free AV options (that won't slow down your PC)
BitDefender Free
Ad-Aware AntiVirus Free
Microsoft Security Essentials

2. You will need a malware scanner (slightly different. Does not provide real-time protection, but has high detection rates when scanned manually)
#Hitman Pro uses 3 different top antivirus scanning engines for excellent detection rates. It will identify infections, but will not remove them unless registered.
#MalwareBytes on the other hand is totally free for home users.

3. Run a rootkit scanner to detect malicious registry settings.
MalwareBytes Anti-Rootkit
RogueKiller

If it will make things easier, I would recommend using the following apps, (Links provided above)

I would recommend
BitDefender Free AV
(Install Bitdefender if you don't already have one of the following antiviruses; Emsisoft AV, F-Secure AV, BitDefender AV, GData AV or Kaspersky AV)
MalwareBytes Anti-Malware
MalwareBytes Anti-Rootkit

Once installed, install and scan using each of these apps. This should detect any infections and allow you to remove them.

The following 4 users thanked SprinxzDvar for this useful post:

InxzProductions (10-27-2014), imagine- (10-24-2014), Taurus (10-21-2014), Weld (10-21-2014)
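
The administrative advice in the post above (block unused ports, monitor outgoing traffic) can be checked against a host's socket table. The following is an added example, not part of the original post: it parses Windows `netstat -ano` output and reports listeners and outbound connections that fall outside an allowlist. The sample output, the allowlists and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8099           0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2200
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     5100
  TCP    192.168.1.20:49733     203.0.113.50:6667      ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       908
  UDP    0.0.0.0:5353           *:*                                    2200
"""

ALLOWED_LISTEN = {135, 445}      # assumption: ports this host is meant to expose
ALLOWED_REMOTE = {53, 80, 443}   # assumption: egress ports the policy permits

def split_endpoint(ep):
    """'1.2.3.4:80' or '[::1%3]:80' -> ('1.2.3.4', '80') / ('::1', '80')."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]").split("%")[0], port

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        lhost, lport = split_endpoint(f[1])
        rhost, rport = split_endpoint(f[2])
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        rows.append(dict(proto=f[0], lhost=lhost, lport=int(lport), rhost=rhost,
                         rport=rport, state=state, pid=int(f[-1])))
    return rows

def audit(rows):
    """Return (kind, proto, detail, pid) for sockets outside the allowlists."""
    findings = []
    for r in rows:
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            if ipaddress.ip_address(r["lhost"]).is_loopback:
                continue  # bound to loopback, not reachable from the network
            if r["lport"] not in ALLOWED_LISTEN:
                findings.append(("unexpected-listener", r["proto"], str(r["lport"]), r["pid"]))
        elif r["state"] == "ESTABLISHED" and int(r["rport"]) not in ALLOWED_REMOTE:
            findings.append(("unexpected-outbound", r["proto"],
                             f'{r["rhost"]}:{r["rport"]}', r["pid"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_netstat(SAMPLE)):
        print(*finding)
```

In the constructed sample, PID 3120 owns both an unexpected listener and an unexpected outbound connection; `tasklist /FI "PID eq 3120"` would name the process behind it.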
#2. Posted:
Taurus
  • Wise One
Status: Offline
Joined: Apr 12, 2011 (13 Year Member)
Posts: 544
Reputation Power: 22
Well, I learned something from this for sure, very informative and useful. You got my thanks.
#3. Posted:
Jaxs
  • TTG Addict
Status: Offline
Joined: Feb 22, 2010 (14 Year Member)
Posts: 2,221
Reputation Power: 88
I almost cried at how bad this guide was.
#4. Posted:
SprinxzDvar
  • Resident Elite
Status: Offline
Joined: May 23, 2012 (11 Year Member)
Posts: 224
Reputation Power: 8
Jaxs wrote: I almost cried at how bad this guide was.


Hey, could you explain why you think it is bad? Maybe I can improve it. Thanks! ;)
#5. Posted:
r00t
  • Administrator
Status: Offline
Joined: May 18, 2011 (12 Year Member)
Posts: 16,358
Reputation Power: 24344
Should have just posted the link you copied this from: [ Register or Signin to view external links. ]