RAT trojan horses
Many trojans and backdoors now have remote administration capabilities that allow an individual to control the victim's computer. Often, a file called the server must be opened on the victim's computer before the trojan can gain access to it. These files are generally sent through email, P2P file-sharing software, and internet downloads, and are usually disguised as a legitimate program or file. Many server files display a fake error message when opened, to make it seem as if the file failed to open. Some also disable antivirus and firewall software. RAT trojans can generally do the following:
- Block mouse and keyboard
- Change the desktop wallpaper
- Download, upload, delete, and rename files
- Destroy hardware by overclocking
- Drop viruses and worms
- Edit Registry
- Use your internet to perform denial of service attacks (DoS)
- Format drives
- Steal passwords and credit card numbers
- Alter your web browser's homepage
- Hide desktop icons, taskbar and files
- Silently install applications
- Log keystrokes (keystroke capture software)
- Open CD-ROM tray
- Overload the RAM/ROM drive
- Send messageboxes
- Play sounds
- Control mouse or keyboard
- Record sound with a connected microphone
- Record video with a connected webcam
- Show fake errors
- Shut down, restart, log off, turn off the monitor
- Record and control victim's screen remotely
- View, kill, and start tasks in task manager
A well-designed RAT lets the operator do anything they could do with physical access to the machine. Some RAT trojans are pranks, most likely controlled by a friend or enemy on April Fool's Day or a holiday. Prank RATs are generally not harmful and won't log keystrokes or store information about the system on the computer. They usually do disruptive things like flip the screen upside down, open the CD-ROM tray, or swap mouse buttons.
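The disguise described above, where a server file poses as a legitimate program or file, can be checked for before anything is opened. The following Python sketch is an added example, not code from the original page; the extension lists, function names and sample files are assumptions made for illustration.

```python
from pathlib import Path
import tempfile

DOC_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt", ".mp3"}  # assumed: types users expect to be data
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat"}  # assumed: types Windows runs when opened
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # leading bytes of PE/DOS and ELF executables


def check_file(path):
    """Return the reasons a file looks like a disguised executable."""
    path = Path(path)
    ext = path.suffix.lower()
    inner_ext = Path(path.stem).suffix.lower()
    with path.open("rb") as fh:
        head = fh.read(4)
    reasons = []
    # "report.pdf.exe": a document extension placed in front of the real one.
    if ext in EXEC_EXTS and inner_ext in DOC_EXTS:
        reasons.append("double extension")
    # "photo.jpg" whose content is really a program.
    if head.startswith(EXEC_MAGIC) and ext in DOC_EXTS:
        reasons.append("executable content behind document extension")
    return reasons


def scan(directory):
    """Map each suspicious file name in a directory to its reasons."""
    findings = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file() and (reasons := check_file(p)):
            findings[p.name] = reasons
    return findings


def demo():
    samples = {  # constructed file names and contents, not real samples
        "invoice.pdf.exe": b"MZ\x90\x00constructed",
        "holiday.jpg": b"MZ\x90\x00constructed",
        "notes.txt": b"plain text, constructed",
        "setup.exe": b"MZ\x90\x00constructed",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return scan(tmp)


if __name__ == "__main__":
    print(demo())
```

An honestly named executable such as `setup.exe` is not flagged; the check only reports a mismatch between what the name suggests and what the file is.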
Notable RAT software and trojans