Thursday, February 18, 2010
The basic outline is a methodology for administering a remote system through the free ports available on it. Getting closer to this idea requires some technical terms, so keep up your Googling habit in the meantime...
RATs that utilize reverse connection have a few major advantages, such as the ones listed below.
Outgoing connections are generally less threatening, and are less likely to be detected or blocked by a firewall, such as a router.
Since the victim's computer is connecting to the remote administrator, he or she will not need to know the victim's IP address in order to connect.
The remote administrator does not need to know which computers, or how many, the RAT is being installed on, which allows for mass-distribution.
If mass-distributed, it is much easier to keep track of the computers the RAT is installed on, since they are all "calling home" by connecting to the remote administrator.
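The "calling home" property described above is also what defenders look for: repeated outbound connections on a near-fixed timer, and several internal hosts reaching the same external endpoint. The following is an added example, not code from the original post; the log format, function names, addresses and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound firewall log: "epoch_seconds src_ip dst_ip dst_port".
SAMPLE_LOG = """\
0 10.0.0.5 203.0.113.7 443
5 10.0.0.5 198.51.100.20 80
10 10.0.0.9 203.0.113.7 443
17 10.0.0.5 198.51.100.20 80
60 10.0.0.5 203.0.113.7 443
70 10.0.0.9 203.0.113.7 443
95 10.0.0.5 198.51.100.20 80
121 10.0.0.5 203.0.113.7 443
130 10.0.0.9 203.0.113.7 443
140 10.0.0.5 198.51.100.20 80
180 10.0.0.5 203.0.113.7 443
190 10.0.0.9 203.0.113.7 443
240 10.0.0.5 203.0.113.7 443
250 10.0.0.9 203.0.113.7 443
290 10.0.0.5 198.51.100.20 80
"""

def find_beacons(log, min_conns=5, max_jitter=0.1):
    """Map (src, dst, port) -> mean interval for flows that repeat on a near-fixed timer."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines with the wrong number of fields
        ts, src, dst, port = parts
        flows[(src, dst, int(port))].append(float(ts))
    hits = {}
    for key, times in flows.items():
        if len(times) < min_conns:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means machine-like timing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits[key] = avg
    return hits

def shared_callback_targets(hits, min_hosts=2):
    """Destinations that several internal hosts beacon to (fan-in)."""
    by_dst = defaultdict(set)
    for src, dst, port in hits:
        by_dst[(dst, port)].add(src)
    return {d: sorted(s) for d, s in by_dst.items() if len(s) >= min_hosts}
```

Check-in intervals are often randomized, so `max_jitter` and `min_conns` need tuning against known-good traffic before the output is treated as an alert.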
RAT Trojan Horses
Many trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times, a file called the server must be opened on the victim's computer before the trojan can have access to it. These are generally sent through email, P2P file sharing software, and in internet downloads. They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened, to make it seem like it didn't open. Some will also kill antivirus and firewall software. RAT trojans can generally do the following:
Download, upload, delete, and rename files
Open CD-ROM tray
Drop viruses and worms
Log keystrokes, keystroke capture software
Hack passwords, credit card numbers
View, kill, and start tasks in task manager
Hide desktop icons, taskbar and files
Randomly move and click mouse
Record sound with a connected microphone
Record video with a connected webcam
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack. They usually do disruptive things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons. However, they can be quite hard to remove.
Posted by Arvindhan Aryan at 6:53 AM