RATs: Remote Administration Tools & Spying on Remote PC

Have you ever noticed your CD/DVD drive ejecting automatically, Task Manager showing errors, Folder Options not working, your anti-virus crippled, unknown listening ports, unwanted messages popping up, or Windows restarting on its own? ...lol, then it's a great worry for you, because you are infected by a trojan (RAT) and someone may be spying on you...lol.


What are RATs?
Remote Administration Tools/Remote Administration Trojans are abbreviated as RATs. They are also called backdoor tools because they enter the victim's box without his knowledge, just as a thief enters our house without our knowledge; hence the name backdoor. Once the tool is installed on the victim's box, the attacker has full or administrative privileges over it; by this I mean the attacker can do all the tasks that the victim himself does on his box.

Tasks performed by RATs:

1. Screen logging, keylogging, web logging, clipboard logging.

2. File control.

3. Registry control.

4. PC control (format the hard disk, shut down/restart the PC, lock the PC).

5. Other application-related functions.

Now I feel you are all quite familiar with the functionality of RATs.
So, let's discuss a few fundamentals...
1. A RAT has two parts, i.e. a client and a server. The server is installed on the victim's box and the client part is used by the attacker.

2. An FTP (File Transfer Protocol) service is needed. Let's see how to get that...
I would recommend using http://www.drivehq.com. First, sign up for it.

In the FTP service settings of the RAT, the URL used is http://ftp.drivehq.com, and the "Username" and "Password" are the same as those used during sign-up at drivehq.com.
The data stolen by the RAT is stored in the log folder as mentioned in the image, so the same "log" directory has to be mentioned in the FTP settings of the RAT while installing the server.

3. For installing a server, a few RATs require a dynamic DNS service. I would recommend using No-IP.com
and setting up a host in it as shown in the image below.

After sign-up, a host is added as shown in the image below.


A desktop client called "No-IP DUC" is to be used to keep track of the updates. (Download)

4. Lastly, after the server is ready, a Binder and Crypter are needed to make it Fully UnDetectable (FUD). This portion will be covered in detail in my later posts.


COUNTERMEASURES:

1. An anti-logger is a must; I would recommend the "ZEMANA" anti-logger.
2. Use a good firewall; I would recommend "ZoneAlarm". For anti-virus, I use Avira Premium Security Suite, which is the best.

3. When testing RATs, use them in a virtual environment like Sandboxie, VirtualBox, or VMware.

4. Look out for unwanted open ports. To see them, open a command prompt and type
"netstat -a -o -n"; the ports that are marked "Listening" are open. There are a few ports which are used by particular types of Trojans. (DOWNLOAD) the list.

5. Scan a file with Dr.Web Link Checker before downloading.

6. A file smaller than 20 MB can be scanned online with the Multi-Engine Anti-Virus provided by noVirusthanks.org.
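
Countermeasure 4 can be turned into a repeatable check. The following is an added example, not part of the original post: it parses `netstat -a -o -n` output and reports listening ports that are missing from a baseline you supply. The sample output, the baseline ports and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -a -o -n` output (not from the post).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2210
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       968
  UDP    0.0.0.0:5353           *:*                                    1804
"""

# Proto, local address, foreign address, optional state (UDP rows have none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def listening_sockets(netstat_text):
    """Return (proto, address, port, pid) for every row in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(4) != "LISTENING":
            continue  # headers, UDP rows and non-listening TCP states
        addr, port = split_endpoint(m.group(2))
        found.append((m.group(1), addr, port, int(m.group(5))))
    return found

def unexpected_listeners(netstat_text, expected_ports):
    """Listeners reachable from the network whose port is not in the baseline."""
    loopback = {"127.0.0.1", "::1"}
    return [s for s in listening_sockets(netstat_text)
            if s[1] not in loopback and s[2] not in expected_ports]

if __name__ == "__main__":
    baseline = {135, 445}  # assumption: ports this machine is known to serve
    for proto, addr, port, pid in unexpected_listeners(SAMPLE, baseline):
        print(f"review: {proto} {addr}:{port} owned by PID {pid}")
```

The PID column comes from the `-o` switch; `tasklist /FI "PID eq <pid>"` shows which program owns a reported port.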

I hope this will help you get a fundamental idea about RATs.
If you find this worth reading, then do drop a comment; it will be appreciated... :)

Reviewed by Satyajit (Admins,a.k.a Satosys) on Friday, July 23, 2010

3 comments:

David said...

Nice site :-). Thanks for the comment, for some reason it went into spam and by habit clicked delete right before I noticed your comment.

Saif said...

Very informative posts, I knew a little about RATs, and nice blog.

Satyajit (Admins,a.k.a Satosys) said...

@David Welcome...nice to see you here.... :)

@Saif Thanks for visiting...:)
