Remote administration tool
A Remote Administration Tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if they had physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim's knowledge, often as the payload of a Trojan horse, and will try to hide its operation from the victim and from security software.

The operator controls the RAT through a network connection. Such tools provide an operator the following capabilities:
  • Screen/camera capture or image control
  • File management (download/upload/execute/etc.)
  • Shell control (from command prompt)
  • Computer control (power off/on/log off if remote feature is supported)
  • Registry management (query/add/delete/modify)
  • Other software product-specific functions


Its primary function is for one computer operator to gain access to remote PCs. One computer will run the "client" software application, while the other computer(s) operate as the "host(s)".

Reverse Connection

In this mode of operation the remote computer(s) act as the "host" for the RAT software, for the "client" remote administrator to control. RATs that use this method of connectivity have the following operational advantages:
  • Outgoing connections are generally perceived as less threatening to the remote "host" user, as it is the remote user who activates the download of the remote administration tool software. This procedure usually allows the software tool to avoid being blocked by a firewall, such as one used in a router device.
  • Since the remote "host" computer itself is connecting to the remote administrator, it will not be necessary for the remote administrator to know the remote "host" computer's IP address to send the software tool.
  • The remote administration tool also allows for mass-distribution across a computer network if this facility is required.


A diagram is shown below which illustrates the remote administrator as the "client" connected to multiple "server" computers that are performing various functions:


 Func  Func
    \  /    Func  Func
  [SERVER]     \  /
     |       [SERVER]
     |      /
     |     /
     |    /    Func  Func
     |   /        \  /
  [CLIENT]------[SERVER]
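
Why a host-initiated (reverse) connection usually passes a firewall that drops an operator-initiated one, and how an egress allow-list changes that. This is an added example, not part of the original article; the address ranges, port numbers and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

@dataclass(frozen=True)
class Flow:
    """A new connection attempt: who initiates it (src) and to where (dst)."""
    src: str
    dst: str
    dport: int

def initiated_inside(flow):
    return ip_address(flow.src) in INTERNAL

def default_policy(flow):
    """Common router default: allow anything initiated from inside,
    drop unsolicited connections arriving from outside."""
    return "allow" if initiated_inside(flow) else "drop"

def egress_allowlist_policy(flow, allowed):
    """Hardened policy: outbound connections are permitted only to
    approved (network, port) pairs; unsolicited inbound is still dropped."""
    if not initiated_inside(flow):
        return "drop"
    dst = ip_address(flow.dst)
    approved = any(dst in ip_network(net) and flow.dport == port
                   for net, port in allowed)
    return "allow" if approved else "drop"

# Constructed sample flows using documentation address ranges.
DIRECT = Flow("203.0.113.7", "10.1.2.3", 4444)   # operator connects in to the host
REVERSE = Flow("10.1.2.3", "203.0.113.7", 4444)  # host connects out to the operator
PROXY = Flow("10.1.2.3", "198.51.100.10", 443)   # host to an approved web proxy
ALLOWED = [("198.51.100.10/32", 443)]            # assumed egress allow-list

def evaluate():
    """Return (default verdict, allow-list verdict) for each sample flow."""
    flows = {"direct": DIRECT, "reverse": REVERSE, "proxy": PROXY}
    return {name: (default_policy(f), egress_allowlist_policy(f, ALLOWED))
            for name, f in flows.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:8s} default={verdicts[0]:5s} allowlist={verdicts[1]}")
```

Under the default policy only the direct flow is dropped; with the allow-list the reverse flow is dropped as well, while the approved proxy traffic still passes.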

Direct connection

It is possible to remotely install a piece of software on a computer with the intention of taking control of that computer without the legitimate operator becoming aware of it. This connection type can normally only be made if the remote computer operator has the IP address of the computer to be controlled. Most "firewall" software usually "blocks" this type of invasive software. However, experienced computer software programmers have developed sophisticated programs to "bypass" typical firewall software. There is a continual process to produce countermeasures against such intrusive software programs.

Security is an important factor when choosing a remote support solution for any enterprise. Gone are the days when security was just a matter of the highest degree of encryption. Today, a truly secure remote support solution will allow organizations to centrally control who can do what and where, safe in the knowledge that when each remote session has finished it should be able to document what actually took place.

For systems in environments that need to meet and maintain compliance requirements, remote administration software must have strict security control. Software like Netop Remote Control 10 is able to exceed the toughest security standards including PCI DSS, ISO 27001, FIPS and HIPAA.

It is necessary to examine the remote control software functionality that best serves organizations that need a highly secure tool that crosses all platforms and devices and is completely scalable in any environment. It will help IT professionals select a remote control solution that increases productivity and customer satisfaction, as well as enhances the flexibility of the IT organization and improves the company’s risk profile.

RAT Trojan Horses

Many trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times, a file called the server must be opened on the victim's computer before the trojan can have access to it. These are generally sent through email, P2P file sharing software, and in internet downloads. They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened, to make it seem like it didn't open. Some will also kill antivirus and firewall software. Even if you have full control over a computer with a RAT, most people will disagree with you if you say you are hacking by trying one out. That's only remote controlling. RAT trojans can generally do the following:
  • Block mouse and keyboard
  • Change your desktop wallpaper
  • Download, upload, delete, and rename files
  • Drop viruses and worms
  • Edit Registry
  • Format drives
  • Grab passwords, credit card numbers
  • Hijack homepage
  • Hide desktop icons, taskbar and files
  • Log keystrokes, keystroke capture software
  • Open CD-ROM tray
  • Overload the RAM/ROM drive
  • Print text
  • Play sounds
  • Randomly move and click mouse
  • Record sound with a connected microphone
  • Record video with a connected webcam
  • Shutdown, Restart, Log-Off, Shutdown monitor
  • Steal Passwords
  • View screen
  • View, kill, and start tasks in task manager


Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack. They usually do disruptive things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons. However, they can be quite hard to remove.

Typical RAT Software and Trojans

  • Back Orifice
  • Bifrost
  • Bandook RAT
  • Blackshades Remote Controller
  • Cerberus RAT
  • Cybergate
  • Paradox Remote Administration Tool
  • Poison Ivy
  • Darkcomet-RAT
  • Sub Seven (Sub7)
  • TeamViewer
  • NetCAR
  • Netop Remote Control
  • Netop OnDemand
  • Netop Mobile & Embedded
  • Y3k RAT
  • Optix Pro
  • LANfiltrator
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 