Remote administration tool

From Wikipedia, the free encyclopedia

A remote administration tool (RAT) is used to remotely connect to and manage one or more computers with a variety of tools, such as:

  • Screen/camera capture or control
  • File management (download/upload/execute/etc.)
  • Shell control (usually piped from command prompt)
  • Computer control (power off/on/log off)
  • Registry management (query/add/delete/modify)
  • Other product-specific functions

Direct Connection

A direct-connect RAT is a simple setup in which the client connects directly to one or more servers. Stable servers are multi-threaded, allowing multiple clients to be connected at once and increasing reliability. The diagram below illustrates the concept (func = function):

 [Client]
       |    [Client]
       |      /
       |     /
       |    /
       |   /
    [Server]-----[Client]
    

Reverse Connection

Reverse-connection RATs are a newer technology that appeared around the time that routers became popular. A few advantages of a reverse-connection RAT are listed below:

  • No problems with routers blocking incoming data, because the connection is initiated outbound from the server
  • Allows mass-updating of servers by broadcasting commands, because many servers can easily connect to a single client.

The diagram below shows the layout (note that it is essentially the reverse of a direct-connection RAT):

Func   Func
   \    /    Func    Func
    [SERVER]   \    /
       |    [SERVER]
       |      /
       |     /
       |    /   Func    Func
       |   /      \     /
    [CLIENT]-----[SERVER]
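As an added example (not part of the article), the following Python reads a constructed connection log and flags the two topologies described above from a defender's viewpoint: an internal host accepting inbound connections on an unexpected port (direct connection), and an internal host connecting outbound to the same remote at a near-constant interval, i.e. beaconing (reverse connection). The log format, the port allow-list and the thresholds are assumptions made for this example.

```python
# Added example (not from the article): flag the two RAT topologies described
# above in a constructed firewall log. Direct connection: the implant listens and
# accepts inbound connections. Reverse connection: the implant connects outbound
# to its operator at regular intervals (beaconing). Format/thresholds are assumed.
from collections import defaultdict
from statistics import pstdev

# Constructed log lines: epoch seconds, direction, internal host, remote host, port
SAMPLE_LOG = """\
1000 IN  10.0.0.5 203.0.113.9  5555
1060 IN  10.0.0.5 203.0.113.9  5555
1200 IN  10.0.0.6 10.0.0.2     22
1000 OUT 10.0.0.7 198.51.100.4 443
1300 OUT 10.0.0.7 198.51.100.4 443
1600 OUT 10.0.0.7 198.51.100.4 443
1000 OUT 10.0.0.9 192.0.2.30   443
1050 OUT 10.0.0.9 192.0.2.30   443
1900 OUT 10.0.0.9 192.0.2.30   443
"""

def parse_log(text):
    """Parse one record per line into (ts, direction, local, remote, port)."""
    recs = []
    for line in text.splitlines():
        ts, direction, local, remote, port = line.split()
        recs.append((int(ts), direction, local, remote, int(port)))
    return recs

def find_direct_listeners(recs, allowed_ports=frozenset({22, 3389})):
    """Internal hosts accepting inbound connections on non-allow-listed ports."""
    hits = {(local, port, remote) for ts, d, local, remote, port in recs
            if d == "IN" and port not in allowed_ports}
    return sorted(hits)

def find_reverse_beacons(recs, min_hits=3, max_jitter=0.1):
    """Internal hosts repeatedly connecting outbound to one remote at a
    near-constant interval (coefficient of variation of gaps <= max_jitter)."""
    groups = defaultdict(list)
    for ts, d, local, remote, port in recs:
        if d == "OUT":
            groups[(local, remote, port)].append(ts)
    hits = []
    for key, times in groups.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and pstdev(gaps) / mean <= max_jitter:
            hits.append(key)
    return sorted(hits)
```

The irregular connections from 10.0.0.9 are kept out of the beacon list by the jitter threshold, and the inbound SSH to 10.0.0.6 is kept out of the listener list by the allow-list.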

RAT Trojan Horses

Many trojans and backdoors now have remote administration capabilities that allow an individual to control the victim's computer. Often a file called the server must be opened on the victim's computer before the trojan can gain access to it. These files are generally sent through email, P2P file-sharing software, and internet downloads, usually disguised as a legitimate program or file. Many server files display a fake error message when opened, to make it seem as if the file failed to open. Some also kill antivirus and firewall software. RAT trojans can generally do the following:

  • Download, upload, delete, and rename files
  • Format drives
  • Open CD-ROM tray
  • Drop viruses and worms
  • Log keystrokes
  • Capture passwords and credit card numbers
  • Hijack homepage
  • View screen
  • View, kill, and start tasks in task manager
  • Hide desktop icons, taskbar and files
  • Print text
  • Play sounds
  • Randomly move and click mouse
  • Record sound with a connected microphone
  • Record video with a connected webcam

Some RAT trojans are pranks, most likely controlled by a friend or enemy on April Fools' Day or a holiday. Prank RATs are generally not harmful and won't log keystrokes or hack. They usually do whimsical things like flipping the screen upside-down, opening the CD-ROM tray, and swapping mouse buttons. However, they can be quite hard to remove.

Popular RAT trojans

  • Bandook
  • ProRAT
  • SpyRAT
  • HackRAT
  • Netbos
  • Optixe
  • AutoSpY
  • Nclear
  • Amituer
  • Bandk
  • Yuru RAT
  • Y3k RAT
  • slha RAT
  • Openx RAT
  • Poison IVY RAT
  • SubSeven RAT
  • Nuclear RAT

Popular RAT pranks

See also

  • Government Security — Network security articles and hacking prevention resources for the government and general public.
  • Wilders Security Forums — Large discussion forums regarding remote administration tools and other aspects of computer security. Official discussion forums of many security products such as NOD32, Ewido and Ghost Security's RegDefend.