Friday, 18 November 2011

WHAT IS A RAT – REMOTE ADMINISTRATIVE TOOL

RAT is short for Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling PCs, stealing victims' data, and deleting or editing files. You can only infect someone by sending them a file called the Server, which they need to click.

What can RAT do?
With a RAT, you can make the other party download files, view their desktop/webcam, and more. Here is a list of basic features of a popular RAT:
* Manage files
* Control web browser (Change homepage, open site etc.)
* Get system information (OS version, AV name, RAM, computer name etc.)
* Get passwords, credit card numbers or private data etc.
* View and remote control desktop
* Record camera & sound
* Control mouse
* Delete, rename, download, upload or move files

Are RATs Illegal?
Some RATs are legal, and some are not. Legal ones leave no backdoor behind and can close the connection at any time. Illegal ones are used for hacking and can steal data (credit cards, passwords, private data etc.).
Here is a list of some Legal and Illegal RATs:
Legal:
* TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.
* UltraVNC – Remote support software for on-demand remote computer support.
* Ammyy Admin – Ammyy Admin is a highly reliable and very friendly tool for remote computer access. You can provide remote assistance, remote administration or remote
* Mikogo – Mikogo is an Online Meeting, Web Conferencing & Remote Support tool where you can share your screen with 10 participants in real-time over the Web.
Illegal:
* Spy-Net
* Cerberus Rat
* CyberGate Rat
* SubSeven
* Turkojan
* ProRat
* DarkComet

How do I use these RATs?
For the legal RATs, for example TeamViewer, you give the other party your ID and password (the one who is getting viewed gives the other the information). The other party then enters the ID. You then have many options to choose from, which are self-explanatory once connected.
For the illegal RATs, you need to port forward it so that it listens on a port. You then need to build a server and spread it to others; they run your program, and they're infected.

How do I port forward?
Port forwarding is easy and important for an illegal RAT. You need an open port because the RAT connects through the open port and bypasses the firewall. Open your web browser, enter your IP and connect to your router (Username: Admin, Password: Admin), open the port forwarding page, and enter the port you want and your IP. That's all you need to do, and now you have an open port.

How do I control server?
Once installed, the RAT server can be controlled via the RAT client. From the IP list box, you choose a PC and connect.

Where and how do I spread?
There are a few different ways to spread your server. You can spread on warez websites, P2P file sharing websites (uTorrent, The Pirate Bay etc.), YouTube, etc. Some people use custom-made auto-spreader programs to spread their server.

What's a reverse connection?
A reverse connection is usually used to bypass firewall restrictions on open ports. Its most common use is to bypass firewall and router security restrictions.

What's a direct connection?
A direct-connect RAT is a simple setup where the client connects directly to one or more servers. Stable servers are multi-threaded, allowing multiple clients to be connected, along with increased reliability.
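
Seen from the defender's side, the two connection types above leave different traces in a host's connection table: a direct-connect server shows up as an unexpected listening port, while a reverse connection shows up as an outbound session from the host. The following triage sketch is an added example, not part of the original post; the sample `netstat -ano` rows, the port lists and the internal address ranges are constructed assumptions to adjust per environment.

```python
import ipaddress

# Assumptions for this sketch: which ranges count as internal and which
# ports are expected on this host. Both need tuning per environment.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
EXPECTED_LISTEN = {135, 445}
COMMON_REMOTE = {80, 443}

# Constructed sample in the column layout of Windows `netstat -ano` (IPv4 only).
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     2204
  TCP    192.168.1.20:49733     203.0.113.45:5150      ESTABLISHED     4312
  TCP    192.168.1.20:5110      203.0.113.9:50211      ESTABLISHED     3120
  TCP    192.168.1.20:49750     192.168.1.5:3389       ESTABLISHED     1500
"""

def split_endpoint(text):
    host, _, port = text.rpartition(":")
    return host, int(port)

def is_internal(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in INTERNAL)

def triage(netstat_text):
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and "[" not in line:  # skip IPv6 rows
            _, local, remote, state, pid = parts
            rows.append((split_endpoint(local), split_endpoint(remote), state, int(pid)))
    # Ports this host listens on; a session on one of them was opened by the peer.
    listening = {local[1] for local, _, state, _ in rows if state == "LISTENING"}
    findings = []
    for (lhost, lport), (rhost, rport), state, pid in rows:
        if state == "LISTENING" and lport not in EXPECTED_LISTEN:
            findings.append(("unexpected-listener", pid, lport))      # direct-connect pattern
        elif state == "ESTABLISHED" and not is_internal(rhost):
            if lport in listening:
                findings.append(("inbound-from-external", pid, lport))
            elif rport not in COMMON_REMOTE:
                findings.append(("outbound-unusual-port", pid, rport))  # reverse-connection pattern
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The PID in each finding is the starting point for checking which executable owns the socket; a reverse connection to a common port such as 443 passes this filter and needs process or destination reputation checks instead.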

FAQs (Frequently Asked Questions) about RATs

Q – Why is my RAT server detected by most anti-virus software?
A – If you want to make your server FUD (Fully UnDetectable), you will need a crypter. You can also hex edit your server, but be careful: some servers can crash after hex editing.

Q – Can I get infected by using a RAT?
A – If the programmer who gives a download link to the RAT backdoors it (very possible), then yes. By simply downloading a file, you can be infected and vulnerable to many things. By using a legal RAT, chances are you won't be infected.

Q – How do I remove the server if I infect myself?
A – When you infect yourself, the first thing to do is connect to your own PC. Some RATs have a function to uninstall servers; click that and the server is uninstalled. Another way is to download Malwarebytes' Anti-Malware and scan the whole computer for trojans.

Q – Can I get traced when I rat somebody?
A – Yes and no. It depends on the victim; it is really hard to remove an infection or even trace a hacker. There are tools like Wireshark, but it's really hard to trace, because a PC usually has over 300 connections. So don't worry.
