Remote Administration Tool (RAT)

A remote administration tool (RAT) is a software that allows a remote “operator” to control the RAT infected victim’s system.RAT software is usually associated with malicious activity.it is installed without the victim’s knowledge and it hide its operation from the victim and from security software.

RAT provides an operator the following capabilities.

1.Screen/camera capture or image control
2.File management (download/upload/execute/etc.)
3.Shell control (from command prompt)
4.Computer control (power off/on/log off if remote feature is supported)
5.Registry management (query/add/delete/modify)
6.Hardware Destroyer (overclocker)
7.Other software product-specific functions

RAT Trojan Horse

Most of the trojan and backdoors now have remote administration capabilities allowing an attacker to control the victim’s computer,in most of the cases,victim must open the file before the attacker can have access to it which are generally sent through email,P2P file sharing and through internet downloads.

RAT trojans can generally do the following things.

1.Block mouses and keyboards
2.Change the desktop wallpapers
3.Downloads, uploads, deletes, and rename files
4.Destroys hardware by overclocking
5.Drop viruses and worms
6.Edit Registry
7.Use your internet to perform denial of service attacks (DoS)
8.Format drives
9.Steal passwords, credit card numbers
10.Alter your web browsers homepage
11.Hide desktop icons, task bar and files
12.Silently install applications
13.Log keystrokes, keystroke capture software
14.Open CD-ROM tray
15.Overload the RAM/ROM drive
16.Send message boxes
17.Play sounds
18.Control mouse or keyboard
19.Record sound with a connected microphone
20.Record video with a connected webcam
21.Show fake errors
22.Shutdown, restart, log-off, shut down monitor
23.Record and control victim’s screen remotely
24.View, kill, and start tasks in task manager

A well-designed RAT will allow an attacker to do anything that they can do with the physical access to the system.,while some RAT trojans are pranks(not harmfull) which won’t log keystrokes or store information about the system.

SOME RAT SOFTWARE AND TROJANS..

1.Back orifice
2.NetBus
3.iControl
4.Sub Seven
5.Beast Trojan
6.Bifrost
7.Blackshades
8.Darkcormet
9.LANfiltrator
10.Optix Pro

RAT trojans will display a fake error message when opened to make it seem like it didn’t open.some will also disable antivirus,firewall and other security software.

Posted by Shubham ;)