Sunday, January 17, 2016

What is a Remote Access Trojan or RAT ?

A Remote Access Trojan or RAT Trojan is a malware that infects a remote computer and allows a remote attacker to control the computer for malicious purposes. It is typically installed in a computer secretly, without the user's knowledge and hides its operation from the security software installed in the computer.

Normally, these RAT Trojans infect a computer through clicking on a malicious link, internet downloads or Peer-to-Peer File Sharing software. They disguise as a legitimate program or file. After infecting a computer, a file or stub is opened in victim's computer and the attacker gets control of the computer. Normally, the file may not create much suspicion. On clicking on it, it may just show an error message indicating it did not open.

How does a RAT give unauthorized access of a computer to the attacker

RAT is a malware program. So, like other malware programs it infects a computer using trickery. It usually disguises itself as something desirable and harmless and convinces the innocent user to install it.

RAT may come as an email attachment or it can get installed in a computer along with some other software, may be with an attractive video game from an untrusted source or may even be with a rogue anti-malware program, which fraudulently indicates that the computer already has lots of other malware and convinces the user to install it.

After infecting the computer, the RAT malware connects back to the attacker remotely. And, as the malware program has remote administrative capability, it gives complete unauthorized access of the computer to the attacker.

The attacker is now free to control the computer from a remote location and exploit it for malicious purposes.

What all actions can RAT Trojans perform ?

Once infecting the computer, RAT Trojans can do the following :

  • Block mouses and keyboards
  • Change the desktop wallpaper
  • Upload or download or destroy files and other data
  • Increase clock rate of the system and destroy hardware
  • Infect the computer with more malware
  • Use the computing resources of the computer to perform illegitimate actions like DoS attacks
  • Format drives
  • Spy on the user and steal sensitive data like passwords and credit card numbers
  • Change browser's settings
  • Install other malicious software silently
  • Install Keyloggers
  • Control mouse and keyboard
  • Use microphone or webcam connected with the computer to record sounds or videos
  • Capture screens to steal sensitive data
  • Shutdown or restart computer unwantedly
  • Control the task manager in the computer

One popular example of RAT Trojan is Back Orifice. It targeted Microsoft Windows computers and infected lots of computers to control those computers and steal sensitive data.

How to prevent RAT Trojans ?

We can take a couple of steps to prevent these RAT Trojans.

  • Do not click on suspicious links.
  • Download and install software from trusted sources only.
  • Keep your computer updated with a trusted anti-malware program.
  • Keep your browser and other commonly used software updated with recent patches. Most of the cases, these malware infect a computer exploiting security vulnerabilities of commonly used software. Recent patches help us to resolve those vulnerabilities.
  • Keep your Operating System updated with recent patches, for the same reason as mentioned above.

So, be informed about all security threats so that you can protect your computer in a better way and stay safe, stay protected.

No comments:

Post a Comment