Remote Administration Trojans
Introduction

Remote Administration Trojans, also known as RATs, are the most popular type of Trojan today. This type of Trojan allows the creator, or whoever is using it, to gain access to victims' computers and perform many functions on them. These RATs are very easy to use, coming in a package of two files: a server file and a client file. If the server file gets run on the victim's computer and his/her IP address is obtained, whoever holds the client file gains full control over that computer. These Trojans can also be bound into other programs which seem to be legitimate.

Remote Administration Trojans, in a general sense, open a port on your computer and bind themselves to it. What they are really doing is making the server file listen for incoming connections and data coming through these ports. Once someone runs their client program and enters the victim's IP address, the Trojan starts receiving commands from the attacker and runs them on the victim's computer.

The most common non-viral malware, which acts like a virus and infects information, is said to be a Trojan horse. The Trojan horse bears the name of some standard program. A Trojan horse could be one of the following:

1. An unauthorized instruction contained within a legitimate program. These instructions perform functions unknown to the user.
2. A legitimate program that has been altered by the placement of unauthorized instructions within it.
3. Any program that appears to perform a desirable function but that (because of unauthorized instructions within it) performs functions unknown to the user.

All of these instructions are unwanted by the user.

Under a restricted environment (a restricted UNIX shell or a restricted Windows computer), malicious Trojans can't do much, since they are restricted in their actions. But on an ordinary PC, Trojans can be lethal and quite destructive.

Most Windows Trojans hide from the Alt+Ctrl+Del menu. (We haven't seen any program that had the ability to hide itself from the processes list yet, but you never know: one day someone might discover a way to do so.) This is bad because there are people who use the task list to see which processes are running. There are programs that will tell you exactly what processes are running on your computer.

Also, some Trojans might simply open an FTP server on your computer (usually NOT on port 21, the default FTP port, in order to be less noticeable). The FTP server is, of course, passworded, or has a password which the attacker has determined, and allows the attacker to download, upload and execute files quickly and easily.
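
The listening port described above (a server file bound to a port, or an FTP server on a port other than 21) can be seen from the affected computer itself. The following Python code is an added example, not part of the original page: it pairs `netstat -ano` output with `tasklist /fo csv /nh` output and reports every listening TCP port outside an expected baseline, together with the owning process. The sample outputs, the baseline port set and the image name notes_helper.exe are constructed assumptions.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:2121           0.0.0.0:0              LISTENING       3344
  TCP    127.0.0.1:5040         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1788
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","140 K"
"svchost.exe","912","Services","0","9,812 K"
"svchost.exe","1500","Services","0","7,204 K"
"notes_helper.exe","3344","Console","1","3,116 K"
'''
# Assumed baseline: the ports this machine is expected to listen on.
EXPECTED_PORTS = {135, 445}

def listening_sockets(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING":
            addr, port = parts[1].rsplit(":", 1)  # rsplit keeps "[::]" intact
            yield addr, int(port), int(parts[4])

def process_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}

def unexpected_listeners(netstat_text, tasklist_csv, expected=EXPECTED_PORTS):
    """Return sorted (port, pid, image, reachable_remotely) outside the baseline."""
    names = process_names(tasklist_csv)
    found = set()
    for addr, port, pid in listening_sockets(netstat_text):
        if port not in expected:
            remote = addr not in ("127.0.0.1", "[::1]")  # loopback-only is local
            found.add((port, pid, names.get(pid, "<unknown>"), remote))
    return sorted(found)

if __name__ == "__main__":
    for port, pid, image, remote in unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"port {port} pid {pid} image {image} reachable_remotely={remote}")
```

A listener whose PID has no matching row in the task list is reported with the image name `<unknown>`, which is itself worth investigating.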