Remote Administrator Tool
A remote access tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if they had physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim's knowledge, often as the payload of a Trojan horse, and will try to hide its operation from the victim and from security software.
The operator controls the RAT through a network connection. Such tools provide an operator the following capabilities:[1]
Screen/camera capture or image control[2]
File management (download/upload/execute/etc.)[3]
Shell control (from command prompt)[4]
Computer control (power off/on/log off if remote feature is supported)
Registry management (query/add/delete/modify)[5]
Hardware Destroyer (overclocker)[6]
Other software product-specific functions
Its primary function is for one computer operator to gain access to remote PCs. One computer will run the "client" software application, while the other computer(s) operate as the "host(s)".
Notable RAT software and trojans:
Back Orifice
Bandook RAT
Bifrost[7]
LANfiltrator[8]
Optix Pro
ProRat
Sub Seven (Sub7)
Y3K Remote Administration Tool
Many trojans and backdoors now have remote administration capabilities, allowing an individual to control the victim's computer. In many cases, a file called the server must be opened on the victim's computer before the trojan can gain access to it. These files are generally sent through email, P2P file sharing software, and internet downloads. They are usually disguised as a legitimate program or file. Many server files display a fake error message when opened, to make it seem as though the file failed to open. Some also kill antivirus and firewall software. RAT trojans can generally do the following:
Block mouse and keyboard
Change your desktop wallpaper
Download, upload, delete, and rename files
Destroy hardware by overclocking
Drop viruses and worms
Edit Registry
Use your internet to perform distributed denial of service attacks (DDoS)
Format drives
Grab passwords, credit card numbers
Hijack homepage
Hide desktop icons, taskbar and files
Install software
Log keystrokes (keystroke capture software)
Open CD-ROM tray
Overload the RAM/ROM drive
Print text
Play sounds
Control mouse or keyboard
Record sound with a connected microphone
Record video with a connected web cam
Show fake errors
Shutdown, restart, log-off, shut down monitor
Steal passwords
View screen
View, kill, and start tasks in task manager
A well-designed RAT allows the operator to do anything that they could do with physical access to the machine. Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or store information about the system on the computer. They usually do disruptive things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons.
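The delivery behaviour described above (a "server" file arriving by email, P2P or download, showing a fake error, and killing antivirus or firewall software) can be turned into a simple correlation check for defenders. The following is an added example, not part of the original post; the event schema, directory list, process names and sample events are all constructed assumptions, and the network-listener indicator assumes the server file waits for the operator's connection.

```python
from collections import defaultdict

# Assumed locations where mail clients, browsers and P2P tools save files.
DELIVERY_DIRS = ("\\downloads\\", "\\temp\\", "\\shared\\")
# Assumed names of endpoint security processes (hypothetical).
SECURITY_PROCS = {"avservice.exe", "fwservice.exe"}

# Constructed endpoint events; the schema is hypothetical.
EVENTS = [
    {"pid": 410, "type": "start", "image": "C:\\Users\\a\\Downloads\\photo_viewer.exe"},
    {"pid": 410, "type": "dialog", "text": "Application error: file is corrupt"},
    {"pid": 410, "type": "kill", "target": "avservice.exe"},
    {"pid": 410, "type": "listen", "port": 5000},
    {"pid": 522, "type": "start", "image": "C:\\Program Files\\Backup\\agent.exe"},
    {"pid": 522, "type": "listen", "port": 8443},
    {"pid": 630, "type": "start", "image": "C:\\Users\\a\\Downloads\\setup.exe"},
    {"pid": 630, "type": "dialog", "text": "Setup error: disk full"},
]

def score_processes(events):
    """Return {pid: sorted list of matched indicators} per process."""
    hits = defaultdict(set)
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "start" and any(d in ev["image"].lower() for d in DELIVERY_DIRS):
            hits[pid].add("delivered_file")
        elif kind == "dialog" and "error" in ev["text"].lower():
            hits[pid].add("error_dialog")
        elif kind == "kill" and ev["target"].lower() in SECURITY_PROCS:
            hits[pid].add("security_tool_killed")
        elif kind == "listen":
            hits[pid].add("network_listener")
    return {pid: sorted(found) for pid, found in hits.items()}

def suspicious(events, threshold=3):
    """Flag processes that combine at least `threshold` indicators."""
    return sorted(pid for pid, found in score_processes(events).items()
                  if len(found) >= threshold)

if __name__ == "__main__":
    for pid in suspicious(EVENTS):
        print(pid, score_processes(EVENTS)[pid])
```

No single indicator is flagged on its own: a legitimate installer can show an error and a backup agent can listen on a port, so only the combination in one process is reported.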