RAT’s in the Machine


RATs are one of the most common forms of cyber attack, and they are pretty difficult to find if you have one. They are designed to give the attacker complete control over the compromised computer or computer system. They can be used to steal information, to spy on victims, and to remotely control computers. RAT infections are normally brought on by spear phishing and social engineering attacks. Although RATs have been around for a long time, they are still tough for even the most advanced IT professional to find.

RATs are able to open actual network ports on the affected machines. Opening a port is a normal operation, so it doesn’t present as a problem to security software. Remote Access Trojans are also able to mimic real and commonly used commercial remote administration tools. This can make their actions appear to come from an actual administrator, so they are often not even questioned until it is too late.

Some Remote Access Trojans have interesting names, but that doesn’t make them any less dangerous. The following 3 RATs are among the most common and have very specific purposes.

The Dark Comet RAT gives the attacker administration capabilities on the infected machine. It was first identified in 2011 and still infects thousands of computers without being detected. Dark Comet uses crypters to hide its existence from antivirus tools. It performs several malicious administrative tasks such as disabling Task Manager, Windows Firewall, and Windows UAC.
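A defender can watch for that tampering pattern in registry telemetry. The following is an added example, not part of the original post: it flags any process that switches off two or more of the three controls named above. The Sysmon Event ID 13 field names, the registry values checked, the threshold of two, and all sample events are assumptions or constructed for illustration.

```python
import re
from collections import defaultdict

# Regex on the lower-cased key path -> (control, DWORD data that turns it off).
TAMPER_VALUES = {
    r"\\policies\\system\\disabletaskmgr$": ("Task Manager", 1),
    r"\\policies\\system\\enablelua$": ("UAC", 0),
    r"\\firewallpolicy\\\w+profile\\enablefirewall$": ("Windows Firewall", 0),
}

POLICY = r"\Software\Microsoft\Windows\CurrentVersion\Policies\System"
FW = r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
USER = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed SID
DROPPED = r"C:\Users\alice\AppData\Local\Temp\updater.exe"     # constructed path

def ev(image, key, data):
    """Build a constructed event with Sysmon Event ID 13 field names."""
    return {"Image": image, "TargetObject": key, "Details": f"DWORD (0x{data:08x})"}

# Constructed sample: one process disables all three controls; the others are benign.
SAMPLE_EVENTS = [
    ev(DROPPED, USER + POLICY + r"\DisableTaskMgr", 1),
    ev(DROPPED, "HKLM" + POLICY + r"\EnableLUA", 0),
    ev(DROPPED, FW + r"\StandardProfile\EnableFirewall", 0),
    ev(r"C:\Windows\System32\svchost.exe", FW + r"\DomainProfile\EnableFirewall", 1),
    ev(r"C:\Windows\System32\mmc.exe", USER + POLICY + r"\DisableTaskMgr", 1),
]

def disabled_control(event):
    """Return the control this registry write switches off, or None."""
    key = event["TargetObject"].lower()
    m = re.search(r"DWORD \(0x([0-9a-fA-F]+)\)", event["Details"])
    value = int(m.group(1), 16) if m else None
    for pattern, (control, off_value) in TAMPER_VALUES.items():
        if re.search(pattern, key) and value == off_value:
            return control
    return None

def find_tampering(events, threshold=2):
    """Map process image -> sorted controls it disabled, if at least `threshold`."""
    by_image = defaultdict(set)
    for event in events:
        control = disabled_control(event)
        if control:
            by_image[event["Image"]].add(control)
    return {img: sorted(c) for img, c in by_image.items() if len(c) >= threshold}

if __name__ == "__main__":
    for image, controls in find_tampering(SAMPLE_EVENTS).items():
        print(f"{image} disabled: {', '.join(controls)}")
```

A single change, such as an administrator disabling Task Manager through policy, stays below the threshold, which keeps the rule focused on the combined behavior the paragraph describes.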

The Alien Spy RAT targets Apple OS X platforms which only use traditional protection such as antivirus. This RAT collects system information, can activate webcams, establishes secure connections with the C&C server, and provides full access to the infected computer. That’s some scary stuff!

Last, but not least, the Hesperbot RAT uses Virtual Network Computing (VNC) as part of its operation. Since VNC is a real remote administration tool, this allows it to remain undetected by antivirus software. Hesperbot then uses VNC to transfer files and provide control over the infected machine.

So, which rats are you more concerned about? Be careful out there! Don’t forget to call Businets when you need IT help!