Remote administration tool
||This article's tone or style may not reflect the encyclopedic tone used on Wikipedia. (January 2012) (Learn how and when to remove this template message)|
A remote administration tool (RAT) is a piece of software or programming that allows a remote "operator" to control a system as if they have physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim's knowledge, often as payload of a Trojan horse, and will try to hide its operation from the victim and from security software.
Its primary function is for one computer operator to gain access to remote PCs. One computer will run the "client" software application, while the other computer(s) operate as the "host(s)".
RAT trojan horses
Many trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times, a file (often called a client or stub) must be opened on the victim's computer before the hacker can have access to it. These are generally sent through email, P2P file sharing software, and in internet downloads, and are usually disguised as a legitimate program or file. Many clients/stubs will display a fake error message when opened, to make it seem like it didn't open. A well-designed RAT will allow the operator the ability to do anything that they could do with physical access to the machine.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or store information about the system on the computer. They usually do disruptive things like flip the screen upside-down, open the CD-ROM tray, or swap mouse buttons.
Notable RAT software and trojans
- Back Orifice
- Sub Seven
- Beast Trojan
- Optix Pro
- "Remote Server Administration Tools for Windows 7". Microsoft Technet June 4, 2009. Retrieved 4 February 2011.,
- "Danger: Remote Access Trojans". Microsoft technet September 2002. Retrieved 5 February 2011.
- "Understanding the Windows NT Remote Access Service". Microsoft technet date undisclosed. Retrieved 5 February 2011.
- "Netsh commands for remote access (ras)". Microsoft technet January 21, 2005. Retrieved 5 February 2011.
- "RAS Registry Modification Allowed Without Administrative Rights". Microsoft technet date undisclosed. Retrieved 5 February 2011.
- "Computer RATS - Protecting Your Self". HowTheyHack July 2013. Retrieved 17 July 2013.
- "Code Access Security and bifrost". Coding hooro.com Mar 20, 2007. Retrieved 5 February 2011.
- "BlackShades: Arrests in computer malware probe". BBC. Retrieved 20 May 2014.
- "Remarks Prepared for Delivery by Special Agent in Charge Leo Taddeo at Blackshades Press Conference". FBI. Retrieved 20 May 2014.
- Denbow, Shawn. "pest control: taming the rats" (PDF). Retrieved 5 March 2014.
- Aylward, Laura. "MALWARE ANALYSIS - DARK COMET RAT". Context. Retrieved 5 March 2014.
- "Backdoor.Lanfiltrator". Symantec date undisclosed. Retrieved 5 February 2011.