Rat
A Remote administration tool is used to remotely connect and manage a single or multiple computers with a variety of tools, such as:
Screen/camera capture or control
File management (download/upload/execute/etc.)
Shell control (usually piped from command prompt)
Computer control (power off/on/log off)
Registry management (query/add/delete/modify)
Other product-specific function
Direct Connection
A direct-connect RAT is a simple setup where the client connects to a single or multiple servers directly. Stable servers are multi-threaded, allowing for multiple clients to be connected, along with increased reliability. A diagram below is shown to better illustrate the concept
Reverse connection RATs are a new technology that came around about the same time that routers became popular. A few advantages of a reverse-connection RAT are listed below:
No problems with routers blocking incoming data, because the connection is started outgoing for a server
Allows for mass-updating of servers by broadcasting commands, because many servers can easily connect to a single client.
RAT Trojan Horses
Many trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times a file called the server must be opened on the victim's computer before the Trojan can have access to it. These are generally sent through email, P2P file sharing software, and in internet downloads. They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened; to make it seem like it didn't open. Some will also kill antivirus and firewall software. RAT Trojans can generally do the following:
Download, upload, delete, and rename files
Format drives
Open CD-ROM tray
Drop viruses and worms
Log keystrokes
Hack passwords, credit card no.
Hijack homepage
View screen
View, kill, and start tasks in task manager
Hide desktop icons, taskbar and files
Print text
Play sounds
Randomly move and click mouse
Record sound with a connected microphone
Record video with a connected webcam
Some RAT Trojans are pranks that are most likely being controlled by a friend or enemy on April fool’s day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. They usually do wimsical things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons. However, they can be quite hard to remove.
Popular RAT Trojans
ProRat
AutoSpY
Nuclear RAT
Amitus
Bandook
Bifrost
Poison Ivy
Optix.Pro
