

My client's PC had been experiencing strange symptoms that included slow performance, a CD-ROM tray that opened and closed at random, strange error messages, and inverted screen images. After I severed his Internet connection and followed my typical malicious software (malware)-hunting steps, I located the culprits: two Remote Access Trojans (RATs), the infamous Cult of the Dead Cow's Back Orifice and the lesser-known The Thing. In this case, the malicious intruders were kids who seemed more interested in causing online problems and trading pornography than in doing real damage. If they'd been more sophisticated, they could have gathered confidential financial information from my client's computer and network.

RATs are more dangerous than all other types of malicious code. To protect yourself, become familiar with the types of RATs, how they work, and how to detect and prevent these pests. RATs are malicious programs that run invisibly on host PCs and permit an intruder remote access and control. On a basic level, many RATs mimic the functionality of legitimate remote control programs such as Symantec's pcAnywhere but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs.

Most RATs come in client and server components. Typically, exploited users either download and execute the malicious programs or are tricked into clicking rogue email attachments. Intruders ultimately launch the server program on a victim's machine by binding the installing component to some other legitimate program. In many cases, intruders can customize the server program: set IP port numbers; define when the program starts, what it's called, how it hides, and whether it uses encryption; customize logon passwords; and determine when and how the program communicates. After defining the server executable's behavior, the intruder generates the program, then tricks the host machine's owner into running it. (Intruders can use a program called a binder to combine RATs with legitimate executables so that the RATs execute in the background while the legitimate applications run, leaving victims unaware of the scurrilous activities.) The process can send the intruder (aka the originator) an email message announcing its latest takeover success or contact a hidden Internet chat channel with a broadcast of the exploited PC's IP address.
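The listener and chat-channel beacon behavior described above gives a defender something concrete to look for on a suspect host. The script below is an added example, not code from the original article: it parses a constructed socket listing in the layout of Windows `netstat -ano` output and flags three indicators drawn from the text, namely a listener on a known RAT default port (Back Orifice's UDP 31337), an established connection to an IRC port (the hidden chat channel a RAT may report to), and a high-numbered listener that is not in the host's baseline, then groups the findings by process ID so that one process showing several indicators stands out. The sample addresses and PIDs, the baseline set, and the port watchlists are assumptions made for this example.

```python
"""Flag RAT-like sockets in a netstat-style listing and group them by PID."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of Windows `netstat -ano` output.
# Addresses, ports and PIDs are made up for this example.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1042      203.0.113.5:6667       ESTABLISHED     1844
  TCP    0.0.0.0:5400           0.0.0.0:0              LISTENING       1844
  UDP    0.0.0.0:31337          *:*                                    1844
  UDP    0.0.0.0:137            *:*                                    4
"""

# Back Orifice listens on UDP 31337 by default; a site would extend this
# watchlist with the defaults of whatever other RATs it tracks.
KNOWN_RAT_PORTS = {("UDP", 31337): "Back Orifice default port"}

# Ports commonly used by IRC servers; a RAT announcing a victim's IP on a
# hidden chat channel has to reach one of these (or a non-standard port).
IRC_PORTS = {6667, 6668, 6669, 7000}

# Listeners considered normal for this host (assumed baseline).
BASELINE_LISTENERS = {("TCP", 135), ("TCP", 445), ("UDP", 137)}


@dataclass(frozen=True)
class Socket:
    proto: str
    local_port: int
    foreign_host: str
    foreign_port: Optional[int]   # None for "*:*"
    state: str                    # empty for UDP rows
    pid: int


def _split_endpoint(endpoint: str):
    """Split 'host:port' (also '[::]:port' and '*:*') into host and port."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Socket]:
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and blank lines; only TCP/UDP rows carry data.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        _, local_port = _split_endpoint(fields[1])
        foreign_host, foreign_port = _split_endpoint(fields[2])
        # UDP rows have no State column, so the row is one field shorter.
        state = fields[3] if len(fields) == 5 else ""
        sockets.append(Socket(fields[0], local_port, foreign_host,
                              foreign_port, state, int(fields[-1])))
    return sockets


def find_suspicious(sockets: List[Socket]) -> List[tuple]:
    """Return (pid, reason) pairs for sockets matching a RAT indicator."""
    findings = []
    for s in sockets:
        key = (s.proto, s.local_port)
        if key in KNOWN_RAT_PORTS:
            findings.append((s.pid, f"listener on {KNOWN_RAT_PORTS[key]} "
                                    f"({s.proto}/{s.local_port})"))
        if s.proto == "TCP" and s.state == "ESTABLISHED" \
                and s.foreign_port in IRC_PORTS:
            findings.append((s.pid, f"outbound IRC connection to "
                                    f"{s.foreign_host}:{s.foreign_port}"))
        # A TCP LISTENING row, or any UDP row without a peer, is a listener.
        is_listener = s.state == "LISTENING" or \
            (s.proto == "UDP" and s.foreign_port is None)
        if is_listener and s.local_port > 1024 \
                and key not in BASELINE_LISTENERS \
                and key not in KNOWN_RAT_PORTS:
            findings.append((s.pid, f"unexpected high-port listener "
                                    f"{s.proto}/{s.local_port}"))
    return findings


def report(text: str) -> Dict[int, List[str]]:
    """Group indicators by PID so a process with several stands out."""
    grouped: Dict[int, List[str]] = {}
    for pid, reason in find_suspicious(parse_netstat(text)):
        grouped.setdefault(pid, []).append(reason)
    return grouped


if __name__ == "__main__":
    for pid, reasons in report(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: {len(reasons)} indicator(s)")
        for reason in reasons:
            print(f"  - {reason}")
```

On the constructed sample, every indicator points at PID 1844: it owns the UDP 31337 listener, a second listener on TCP 5400 that the baseline does not explain, and an established connection to an IRC port. In practice the baseline set is the part that needs care; a stock listing from a known-clean build of the same image is the usual source for it.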
