Danger: Remote Access Trojans (RATs)
My client's PC had been experiencing strange symptoms that included slow performance, a CD-ROM tray that opened and closed at random, strange error messages, and inverted screen images. After I severed his Internet connection and followed my typical malicious software, I located the culprits: two Remote Access Trojans (RATs), the infamous Cult of the Dead Cow's Back Orifice and the lesser-known The Thing. In this case, the malicious intruders were kids who seemed more interested in causing online problems and trading pornography than in doing real damage. If they'd been more sophisticated, they could have gathered confidential financial information from my client's computer and network. Remote Access Trojans are more dangerous than all other types of malicious code. To protect yourself, become familiar with the types of RATs, how they work, and how to detect and prevent these pests.
Remote Access Trojans are malicious programs that run invisibly on host PCs and permit an intruder remote control. On a basic level, many RATs mimic the functionality of legitimate remote control programs such as Symantec's pcAnywhere but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs.
If a computer virus or email worm has ever infected your company, the company is a prime candidate for RATs. Typical antivirus scanners are less likely to detect RATs than to detect worms or viruses because of binders and intruder encryption routines. Also, Remote Access Trojans have the potential to cause significantly more damage than a worm or virus can cause. Finding and eradicating them should be a systems administrator's top priority. The best anti-malware weapon is an up-to-date, proven antivirus scanner.
After you detect and eradicate Remote Access Trojans, a larger question looms: Did the remote intruder collect information that could harm you in the future? Answering that question in the confines of this article is difficult, but consider the following information to determine risk. How long have the RATs been around?