Remote Administration Trojans (RATs)

    The world of malicious software is often divided into two types: viral and nonviral. Viruses are small pieces of code embedded in other programs. When the "host" program is executed, the virus replicates itself and may attempt to do something destructive. In this, viruses behave much like their biological counterparts.

    Worms are a kind of computer parasite considered to be part of the viral camp because they replicate and spread from computer to computer.
    What? Rats? Those pesky black things that always cause damage in the house. Very cute to look at, yet very destructive all the same. This is supposed to be a site on Internet security, not household and pest management. So why all this here?
    Put your thoughts aside for a while and let me continue. I am not talking about those rats. This continues the subject of what the uninitiated call Trojans, which I hinted at in my earlier article, and what the refined call Remote Administrative Tools, or RATs. Trojans can be very destructive if you're not careful. So tighten your seat belts as we gear up for take-off.

    To define Trojans, we refresh our knowledge of a virus. A virus is a self-replicating piece of code designed to cause damage or irritation. Trojans pose a much greater risk. As the name RATs suggests, they allow a remote user to operate your PC from thousands of miles away via the Internet. Surprised? No need to be. The Internet today imparts such power that even a lame user can do this to you.

    Note: Lame means a user possessing limited knowledge. In other words, a naive user, not a professional.

    Evolution

    Everything has a beginning. This is the most basic principle of evolution. Trojans evolved from what can be termed an exploitation of a basic administrative need. When the Internet began to spread its wings in the late 90s, corporations found regional barriers too confining. They wanted to expand their horizons. For this, they needed software that could help with remote management of resources, so that one person could manage all the company resources spread across the world. Microsoft, as it always does, recognized this need and came up with a software package, Microsoft Back Office.

    The Underground was quick to pounce upon this thought. It is a fundamental rule in computing (or in anything) that nothing is perfect. There are always some loopholes left open for exploitation. The Underground came up with what can be branded the first Trojan, known as Back Orifice (a dig at Microsoft). It had limited remote administrative powers, yet it pioneered the Underground's move in this direction. Today Back Orifice remains one of the most powerful Trojans of all time. It is managed by the Cult of the Dead Cow (www.cultofdeadcow.com). Many soon followed suit, and the next popular one was Netbus.

    Today, Trojans impart a lot of power and are extremely easy to use. In the next article, we will try to classify Trojans based on their remote administration capabilities. Till then, adieu.

    Trojans: The Beginning. Read on to learn more about the supreme tool of novice and advanced hacking, the tool that got through Microsoft's defense and one that can create havoc on your PC too. This is just the beginning.

    Types of RATs
    In the last article, I introduced you to the concept of trojans, or RATs. Today I'll try to go a bit deeper into the subject. This topic has the potential to be deeply engrossing. So try to follow the basic concepts and then you can actually try your hand at playing God (for educational purposes, of course).

    I'll start this article with the ways a trojan may get activated on an infected PC. The article will also try to classify the different types of trojans based on the basic function they perform.

    Most trojans create a file in the WINDOWS\SYSTEM directory. The file is named to fool the victim into thinking that it is a normal Windows executable. Most trojans hide from the Ctrl+Alt+Del menu, because some people use it to see which processes are running on the system. There are programs that will tell you exactly which processes are running and which file each one comes from. But some trojans use fake names, and it can be hard for some people to tell which process should be terminated. Remote access trojans open several ports on your PC. These allow any remote user to connect to your PC and create havoc.

    Note: Ports are logical, virtual connection points for a PC on any network, and an inherent part of TCP/IP. They will be discussed in detail later.

    Different types of trojans are:

    Password Sending Trojans

        The purpose of these trojans is to rip all cached passwords and send them to a specified e-mail address without letting the victim know about the e-mail. Most of these trojans don't start on every system startup, and most of them use port 25 to send the e-mail. Some of these trojans e-mail other information too, such as ICQ number, computer info and so on. These trojans are dangerous if you have any passwords cached anywhere on your computer.

    Keyloggers

        These trojans are very simple. The only thing they do is log the keys that the victim presses and then check for passwords in the log file. In most cases, these trojans restart every time Windows is loaded. They have options like online and offline recording. In online recording, they know that the victim is online and record everything typed in. In offline recording, everything typed after Windows starts is recorded and saved on the victim's disk, waiting to be transferred.

    Destructive

        The only function of these trojans is to destroy and delete files. This makes them very simple and easy to use. They can automatically delete all the .dll, .ini or .exe files on your computer. These are very dangerous trojans, and once you're infected, be sure of the fact that if you don't disinfect your computer soon, you will have a good-for-nothing machine.

    FTP trojans

        These trojans open port 21 on your computer, letting anyone with an FTP client connect to your computer without a password and with full upload and download options.
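
    The network behaviour described above (RATs opening listening ports, password senders mailing out over port 25, FTP trojans listening on port 21) is visible in `netstat -ano` output. The following is an added example, not part of the original article: it parses a constructed netstat sample and flags those three cases. The process names, the PID map and the allowlists are hypothetical and would come from your own baseline.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING       2288
  TCP    192.168.1.20:49712     203.0.113.25:25        ESTABLISHED     3120
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     1544
"""
# Constructed PID-to-image map, as `tasklist` would provide (names are made up).
PROCESSES = {904: "svchost.exe", 3120: "sysupd32.exe",
             2288: "winhlp.exe", 1544: "browser.exe"}
# Hypothetical local baseline: who may listen on which port, who may send mail.
ALLOWED_LISTENERS = {135: {"svchost.exe"}}
ALLOWED_SMTP_CLIENTS = {"mailclient.exe"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Yield one dict per TCP row; header and non-TCP lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, raddr, rport, state, pid = m.groups()
            yield {"lport": int(lport), "raddr": raddr, "rport": int(rport),
                   "state": state, "pid": int(pid)}

def findings(text, processes):
    """Return (reason, port, process) for connections outside the baseline."""
    out = []
    for c in parse(text):
        name = processes.get(c["pid"], "<unknown>")
        if c["state"] == "LISTENING":
            if name not in ALLOWED_LISTENERS.get(c["lport"], set()):
                reason = ("unapproved FTP listener" if c["lport"] == 21
                          else "unapproved listener")
                out.append((reason, c["lport"], name))
        elif c["state"] == "ESTABLISHED" and c["rport"] == 25:
            # Outbound SMTP from anything but the known mail client.
            if name not in ALLOWED_SMTP_CLIENTS:
                out.append(("unexpected outbound SMTP", c["rport"], name))
    return out

if __name__ == "__main__":
    for reason, port, name in findings(NETSTAT, PROCESSES):
        print(f"{reason}: port {port} ({name})")
```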

    These are the most common trojans. They are all dangerous and you should be careful while using them (if you do). Next time we will see the different ways in which you can be infected by a trojan. We will also look at preventive measures.

    Source URL: http://gbejadacosta.blogspot.com/2010/11/remote-administration-trojans-rats.html