A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program — such as a game — or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.
Because a RAT enables administrative control, it makes it possible for the intruder to do just about anything on the targeted computer, including:
- Monitoring user behavior through keyloggers or other spyware.
- Accessing confidential information, such as credit card and social security numbers.
- Activating a system’s webcam and recording video.
- Taking screenshots.
- Distributing viruses and other malware.
- Formatting drives.
- Deleting, downloading or altering files and file systems.
The Back Orifice rootkit is one of the best known examples of a RAT. A hacker group known as the Cult of the Dead Cow created Back Orifice to expose the security deficiencies of Microsoft’s Windows operating systems.
RATs can be difficult to detect because they usually don’t show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn’t alert the user that something’s amiss.
To protect your system from RATs, follow the same procedures you use to prevent other malware infections: Keep antivirus software up to date and refrain from downloading programs or opening attachments that aren’t from a trusted source. At the administrative level, it’s always a good idea to block unused ports, turn off unused services and monitor outgoing traffic.
RAT also stands for remote administration tool.
Learn More About IT:
> Roger A. Grimes wrote a comprehensive guide on how to detect and exterminate RATs.
> Ed Hurley explains why RATs warrant attention.
This was last updated in October 2009