RATs: Remote Administration Tools & Spying on a Remote PC

Have you ever noticed your CD/DVD drive ejecting on its own, Task Manager refusing to open, Folder Options disabled, your anti-virus crippled, unknown listening ports, unwanted messages popping up, or Windows restarting by itself? If so, it is a real worry: these are classic signs that your box is infected with a trojan (a RAT) and that someone may be spying on you.


What are RATs?
Remote Administration Tools, also called Remote Administration Trojans, are abbreviated as RATs. They are also known as backdoors because they get onto the victim's box without his knowledge, just as a thief enters a house through the back door. Once the server component is installed on the victim's box, the attacker controls it with whatever privileges the RAT process runs under (usually those of the logged-in user, which on most home PCs means administrator): the attacker can do anything the victim himself can do on that machine.

Tasks performed by RATs:

1. Screen logging, keylogging, web (browser) logging, clipboard logging.

2. File control (browse, upload, download, delete).

3. Registry control.

4. PC control (format the hard disk, shut down/restart the PC, lock the PC).

5. Other application-related functions (opening the CD tray, popping up messages, killing the anti-virus, and so on).

Now that you are familiar with what RATs do, let's go over a few fundamentals.
1. A RAT has two parts: a client and a server. The server is installed on the victim's box and the client is used by the attacker. Confusingly, with most RATs of this kind it is the "server" on the victim that connects out to the attacker's client, which is why the dynamic DNS host in step 3 is needed.

2. An FTP (File Transfer Protocol) account is needed to receive the stolen logs. I recommend http://www.drivehq.com; sign up first.

In the RAT's FTP settings the host is ftp.drivehq.com (an FTP host name, not an http:// URL), and the username and password are the ones chosen when signing up to drivehq.com.
The data stolen by the RAT is stored in a "log" folder on the account, so the same "log" directory has to be given as the remote path in the RAT's FTP settings when building the server. Keep in mind that FTP sends the login and every command in clear text, so these same credentials, the drop directory and the uploaded file names are visible to anyone capturing the infected machine's traffic.

3. Some RATs require a dynamic DNS service when building the server, because the attacker's home IP address changes and the server needs a fixed name to call home to. I recommend No-IP.com: sign up and add a host (a name such as yourname.no-ip.org that points at your current IP address).

A desktop client called "No-IP DUC" (Dynamic Update Client) runs on the attacker's machine and keeps that host name pointed at the current IP whenever it changes.

4. Lastly, once the server is built, a binder and a crypter are used to make it FUD (fully undetectable) to anti-virus: the binder glues the server to a harmless-looking file, and the crypter obfuscates it so that signature-based scanners miss it. This part will be covered in detail in a later post.
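As an added example (not code from the original post or from any RAT), here is the defender's side of steps 2 and 3: because the log upload in step 2 goes over clear-text FTP, a capture of the control channel gives away the drop account, password, directory and file names, and the dynamic DNS name from step 3 shows up as a plain DNS query. The FTP transcript, the DNS log and the suspect-zone list are constructed samples; the host names echo the services named above and the account details are made up.

```python
"""Spotting a RAT's log drop on the wire.

Added example, not code from the original post or from any RAT. FTP sends the
login and every command in clear text, so a RAT that uploads its logs over FTP
exposes the attacker's account, password, drop directory and file names to
anyone capturing the infected machine's traffic, and the dynamic DNS name the
server calls home to shows up as a DNS query. Everything below is a constructed
sample.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Sequence, Tuple

# Constructed FTP control-channel capture: "C>" is the victim (RAT server),
# "S<" is the drop site. A real one comes from e.g. Wireshark's
# "Follow TCP Stream" on port 21.
SAMPLE_FTP_CONTROL = """\
S< 220 DriveHQ FTP server ready
C> USER attacker_acct
S< 331 Password required
C> PASS Hunter2!
S< 230 Logged in
C> CWD /log
S< 250 CWD successful
C> STOR keylog_2010-07-30.txt
S< 150 Opening data connection
S< 226 Transfer complete
C> STOR screen_0001.jpg
S< 150 Opening data connection
S< 226 Transfer complete
C> QUIT
"""

# Constructed DNS query log: timestamp, client IP, queried name.
SAMPLE_DNS_LOG = """\
2010-07-30T03:59:01 10.0.0.5 www.google.com
2010-07-30T03:59:02 10.0.0.5 ftp.drivehq.com
2010-07-30T03:59:05 10.0.0.5 myvictim.no-ip.org
2010-07-30T03:59:09 10.0.0.5 update.avira.com
"""

# Zones worth a second look when queried from a workstation: the dynamic DNS
# and file-hosting services the post recommends. Assumption: extend this from
# your own telemetry, and remember legitimate users of these services exist.
SUSPECT_ZONES: Tuple[str, ...] = (
    "no-ip.org", "no-ip.biz", "no-ip.info", "drivehq.com",
)


@dataclass
class FtpSession:
    """What a clear-text FTP capture gives away about the drop site."""
    user: Optional[str] = None
    password: Optional[str] = None
    cwd: Optional[str] = None
    uploads: List[str] = field(default_factory=list)


def parse_ftp_control(transcript: str) -> FtpSession:
    """Extract credentials, drop directory and uploaded file names from a
    captured FTP control channel. Only client lines carry those fields."""
    session = FtpSession()
    for line in transcript.splitlines():
        if not line.startswith("C> "):
            continue
        cmd, _, arg = line[3:].partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            session.user = arg
        elif cmd == "PASS":
            session.password = arg
        elif cmd == "CWD":
            session.cwd = arg
        elif cmd in ("STOR", "APPE"):  # upload / append: the stolen logs
            session.uploads.append(arg)
    return session


def suspicious_dns_lookups(log: str,
                           zones: Sequence[str] = SUSPECT_ZONES) -> List[Tuple[str, str]]:
    """Return (client, name) for every query that falls inside a suspect zone."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _ts, client, name = parts
        name = name.lower().rstrip(".")
        if any(name == z or name.endswith("." + z) for z in zones):
            hits.append((client, name))
    return hits


if __name__ == "__main__":
    s = parse_ftp_control(SAMPLE_FTP_CONTROL)
    print(f"drop account {s.user!r} / {s.password!r}, dir {s.cwd}, uploads {s.uploads}")
    for client, name in suspicious_dns_lookups(SAMPLE_DNS_LOG):
        print(f"{client} looked up {name}")
```

On a real capture, point `parse_ftp_control` at the text of the port 21 stream and `suspicious_dns_lookups` at your resolver or proxy log; the credentials it pulls out are the same ones the attacker typed into the RAT's FTP settings, which is why nobody should be surprised when a drop account gets taken over by whoever captured the traffic.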


COUNTERMEASURES:

1. An anti-logger is a must; I recommend "ZEMANA" AntiLogger.
2. Use a good firewall (I recommend "ZoneAlarm") and an anti-virus; I use Avira Premium Security Suite, which I consider the best.

3. When testing RATs, run them in an isolated environment: Sandboxie (an application sandbox) or a virtual machine in VirtualBox or VMware, with the VM's network kept away from your real one.

4. Look out for unwanted open ports. Open a command prompt and type
"netstat -a -o -n": -a lists all connections and listening ports, -o shows the owning process ID (PID) and -n skips name resolution. The lines marked "LISTENING" are open ports; map a PID to its process with tasklist /FI "PID eq <pid>". Lists of ports traditionally used by particular trojans exist, but treat them as hints only, since the port is configurable in every RAT. Also check the ESTABLISHED outbound connections, because most RATs of this kind connect out to the attacker rather than listening.

5. Check a download link with Dr.Web Link Checker before downloading the file.

6. A file under 20 MB can be scanned online with the multi-engine anti-virus scanner provided by NoVirusThanks.org.
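To make countermeasure 4 concrete, here is an added example (not code from the original post) that triages the output of netstat -a -o -n: it flags LISTENING ports outside a baseline (direct-connect RATs) and ESTABLISHED outbound connections to unusual ports (reverse-connect RATs, which never listen), and prints the tasklist command that names the process behind each PID. The netstat table below is a constructed sample in the layout Windows prints; the baseline and "ordinary" port sets are assumptions to tune from a clean machine of your own.

```python
"""Triaging "netstat -a -o -n" output for a RAT.

Added example, not code from the original post. The netstat sample is
constructed; BASELINE_LISTEN and ORDINARY_REMOTE are assumptions to tune to
your own machines. Run it on live data with:
    netstat -a -o -n | python rat_ports.py
"""
import sys
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample in the layout Windows netstat -a -o -n prints.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       3412
  TCP    10.0.0.5:49201         74.125.19.99:80        ESTABLISHED     2104
  TCP    10.0.0.5:49210         203.0.113.7:1337       ESTABLISHED     3412
  TCP    [::]:135               [::]:0                 LISTENING       880
  UDP    0.0.0.0:500            *:*                                    1020
"""

# Assumption: stock-Windows listeners (RPC, NetBIOS, SMB). Build your own
# baseline from a clean machine rather than trusting a "trojan port list".
BASELINE_LISTEN = {135, 137, 138, 139, 445}
# Assumption: outbound ports that are ordinary for a workstation.
ORDINARY_REMOTE = {80, 443}


@dataclass
class Socket:
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]
    state: str
    pid: int


def _endpoint(text: str):
    """Split 'host:port' (IPv4, [IPv6] or *:*) into (host, port or None)."""
    host, _, port = text.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(output: str) -> List[Socket]:
    """Parse netstat -a -o -n. UDP rows have no State column."""
    socks = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP" and len(parts) >= 5:
            state, pid = parts[3], parts[4]
        else:
            state, pid = "", parts[3]
        lh, lp = _endpoint(local)
        rh, rp = _endpoint(remote)
        socks.append(Socket(proto, lh, lp, rh, rp, state, int(pid)))
    return socks


def unexpected_listeners(socks: Iterable[Socket], baseline=BASELINE_LISTEN) -> List[Socket]:
    """Direct-connect RATs wait for the attacker: open ports not in the baseline."""
    return [s for s in socks if s.state == "LISTENING" and s.local_port not in baseline]


def odd_outbound(socks: Iterable[Socket], ordinary=ORDINARY_REMOTE) -> List[Socket]:
    """Reverse-connect RATs call home instead: established connections to
    ports that are not ordinary web traffic."""
    return [s for s in socks if s.state == "ESTABLISHED" and s.remote_port not in ordinary]


def tasklist_command(pid: int) -> str:
    """The cmd.exe command that names the process behind a PID."""
    return f'tasklist /FI "PID eq {pid}"'


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    socks = parse_netstat(text)
    for s in unexpected_listeners(socks):
        print(f"LISTENING {s.local_host}:{s.local_port} pid {s.pid}  ->  {tasklist_command(s.pid)}")
    for s in odd_outbound(socks):
        print(f"OUTBOUND to {s.remote_host}:{s.remote_port} pid {s.pid}  ->  {tasklist_command(s.pid)}")
```

In the sample the same PID (3412) both listens on 6667 and holds an outbound connection to port 1337, which is exactly the pairing you would then chase with tasklist and Process Explorer. A clean LISTENING list is not a clean bill of health: a reverse-connect RAT only ever shows up in the ESTABLISHED rows, and even then only while it is talking to the attacker.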

I hope this gives you a fundamental idea of RATs.
If you found it worth reading, do drop a comment; it will be appreciated. :)


3 comments:

David on July 30, 2010 at 3:59 AM said...

Nice site :-). Thanks for the comment; for some reason it went into spam and, by habit, I clicked delete right before I noticed your comment.

Saif on July 31, 2010 at 8:40 PM said...

Very informative posts; I knew a little about RATs. Nice blog.

Satyajit Das(Admins) on July 31, 2010 at 10:47 PM said...

@David Welcome...nice to see you here.... :)

@Saif Thanks for visiting...:)

© 2013 SecurityHunk All Rights Reserved