Title: What is a RAT (remote access Trojan)
A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.
Because a RAT enables administrative control, it makes it possible for the intruder to do just about anything on the targeted computer, including:
· Monitoring user behavior through keyloggers or other spyware.
· Accessing confidential information, such as credit card and social security numbers.
· Activating a system's webcam and recording video.
· Taking screenshots.
· Distributing viruses and other malware.
· Formatting drives.
· Deleting, downloading or altering files and file systems.
The Back Orifice rootkit is one of the best-known examples of a RAT. A hacker group known as the Cult of the Dead Cow created Back Orifice to expose the security deficiencies of Microsoft's Windows operating systems.
RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss.
To protect your system from RATs, follow the same procedures you use to prevent other malware infections: Keep antivirus software up to date and refrain from downloading programs or opening attachments that aren't from a trusted source. At the administrative level, it's always a good idea to block unused ports, turn off unused services and monitor outgoing traffic.
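
One way to act on the administrative advice above, as an added example that is not part of the original article: audit a socket snapshot for listeners and outgoing connections that fall outside an allow-list. The two allow-lists are assumed site policy, and the sample lines are constructed in the column layout of `ss -H -tunap` on Linux.

```python
import ipaddress
import re

# Assumed site policy (not from the article): ports this host may expose / reach.
ALLOWED_LISTEN_PORTS = {22, 443}
ALLOWED_EGRESS_PORTS = {53, 80, 443}

# Constructed sample in the column layout of `ss -H -tunap` (Linux).
SAMPLE = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 5 0.0.0.0:5555 0.0.0.0:* users:(("updater",pid=4410,fd=4))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=601,fd=13))
tcp ESTAB 0 0 10.0.0.5:22 10.0.0.9:51514 users:(("sshd",pid=2290,fd=4))
tcp ESTAB 0 0 10.0.0.5:49822 198.51.100.20:443 users:(("firefox",pid=2011,fd=88))
tcp ESTAB 0 0 10.0.0.5:50112 203.0.113.7:8081 users:(("updater",pid=4410,fd=6))
"""

def _split(endpoint):
    """Split 'host:port' on the last colon so IPv6 forms like [::]:22 work."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def _is_loopback(host):
    try:
        return ipaddress.ip_address(host.split("%")[0].strip("[]")).is_loopback
    except ValueError:  # '*' or another wildcard bind
        return False

def parse(snapshot):
    for line in snapshot.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        m = re.search(r'\("([^"]+)",pid=(\d+)', " ".join(f[6:]))
        owner = f"{m.group(1)}/{m.group(2)}" if m else "unknown"  # column may be absent
        yield f[1], _split(f[4]), _split(f[5]), owner

def audit(snapshot):
    rows = list(parse(snapshot))
    served = {local[1] for state, local, _, _ in rows if state in ("LISTEN", "UNCONN")}
    findings = []
    for state, (lhost, lport), (rhost, rport), owner in rows:
        if state in ("LISTEN", "UNCONN"):
            # Loopback-only listeners are not reachable from the network.
            if not _is_loopback(lhost) and lport not in ALLOWED_LISTEN_PORTS:
                findings.append(("unexpected-listener", f"{lhost}:{lport}", owner))
        elif state == "ESTAB" and lport not in served:  # skip inbound sessions
            if rport not in ALLOWED_EGRESS_PORTS:
                findings.append(("unexpected-egress", f"{rhost}:{rport}", owner))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Each finding names the owning process and PID, which is the starting point for deciding whether to turn the service off or block the port.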
RAT also stands for remote administration tool.