The RAT (Remote Administration Tool) - II

Posted by Sharan R On 7:11 AM

Why RATs Don't Get Detected

So we are back for the second part of The RAT (Remote Administration Tool). In this section we will learn how an attacker manages to hide a RAT on a victim's computer. If you are a new visitor or you haven't read the first part, I urge you to go through the previous post on The RAT before you read this.

Before we proceed, I want to tell you that there is no RAT tool available whose server cannot be detected by an Anti-Virus program. At a practical level, every Anti-Virus program can detect RATs developed with all the free as well as commercially available RAT development tools. Then how does an attacker manage to carry out an attack on you? The following may be the reasons why you may become a victim of his/her attack:

  1. Your Anti-Virus sucks
  2. The attacker has created his/her own RAT client
  3. He/she has got a custom RAT client from a RAT client vendor
  4. He/she has applied hex-editing to the RAT server EXE
  5. The attacker has used a cryptor

As I always tell you, hacking evolves in fractions of minutes to fractions of seconds. RAT clients also get updated, and hence your Anti-Virus needs to be updated too. If you don't update it, you are inviting more trouble than just a RAT, so always update your Anti-Virus program or leave its auto-update option enabled. In any case other than this, if your Anti-Virus fails to detect a RAT, it means it is total crap; uninstall it and use another Anti-Virus program.

The second case is that the attacker is a master programmer and has used those skills to develop a new custom RAT client. Since the code is new, no Anti-Virus will have its definition, ultimately making it Fully Undetectable (FUD). It is really very hard to keep yourself safe from this kind of RAT, since it is hard to detect before the damage is done.

Some vendors also offer custom RAT clients for a special price. Again, because the code is new, an Anti-Virus program will hardly have its definition, and hence this works too. Next is hex-editing, which is one of the most difficult ways of changing the signature of the RAT server (our virus) file. So far as I know it is really very difficult: the attacker must have a strong understanding of different number systems and machine-level code, and it is also a very time-consuming process. If you want to know how it is done, Rahul Tyagi has offered a pro tutorial on hex-editing on his blog www.salienthacker.in.

Last is one of the easiest methods by which virus code becomes Fully Undetectable. Using cryptor software avoids the job of recoding and hex-editing: it mutates the signature of the virus file in such a way that the file still works fine but its code generates a different signature which does not match the previous signature in any way, thus making it undetectable.

Another factor that helps a RAT hide in your system is process space sharing. Here the RAT server file shares the process space of system processes or well-known processes like,
explorer.exe
svchost.exe
services.exe

And the last factor that lets them do their job is the port number. Many RAT clients use commonly used port numbers to establish connections, such as HTTP port 80, HTTP proxy port 8080 and FTP port 21, and they use any kind of connection, whether TCP or UDP.
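Because a well-known port and a trusted process name each look normal on their own, a defender has to correlate the two. The following is an added example, not code from the original post: it reviews a constructed netstat-like listing and reports connections owned by the system processes named above that reach the ports named above on non-internal addresses. The listing layout, the internal ranges and the known-good baseline are assumptions made for the example.

```python
import ipaddress

# Process names and ports taken from the article above.
WATCHED_PROCESSES = {"explorer.exe", "svchost.exe", "services.exe"}
COMMON_PORTS = {21: "FTP", 80: "HTTP", 8080: "HTTP proxy"}

# Constructed sample: proto, local, remote, state, pid, image (documentation IPs).
SAMPLE = """\
TCP 192.168.1.20:49712 203.0.113.45:80 ESTABLISHED 1432 explorer.exe
TCP 192.168.1.20:49713 198.51.100.7:8080 ESTABLISHED 612 services.exe
TCP 192.168.1.20:49720 192.168.1.1:80 ESTABLISHED 988 svchost.exe
TCP 192.168.1.20:49731 192.0.2.10:80 ESTABLISHED 5120 firefox.exe
UDP 192.168.1.20:50001 203.0.113.45:21 - 988 svchost.exe
TCP 192.168.1.20:49740 192.0.2.80:80 ESTABLISHED 988 svchost.exe
"""
# Assumed internal ranges; listed explicitly so documentation IPs count as external.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Assumed baseline of known-good (image, remote IP) pairs; build it per environment.
BASELINE = {("svchost.exe", "192.0.2.80")}

def parse(line):
    """Split one listing line into a connection record."""
    proto, _local, remote, state, pid, image = line.split()
    host, port = remote.rsplit(":", 1)
    return {"proto": proto, "remote_ip": host, "remote_port": int(port),
            "state": state, "pid": int(pid), "image": image.lower()}

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def review(listing):
    """Return connections that deserve a closer look, TCP and UDP alike."""
    findings = []
    for line in filter(str.strip, listing.splitlines()):
        c = parse(line)
        if c["image"] not in WATCHED_PROCESSES:
            continue  # only the system processes a RAT is said to hide in
        if c["remote_port"] not in COMMON_PORTS or is_internal(c["remote_ip"]):
            continue  # other ports and internal peers are out of scope here
        if (c["image"], c["remote_ip"]) in BASELINE:
            continue  # known-good destination for this process
        findings.append((c["image"], c["pid"], c["proto"],
                         c["remote_ip"], c["remote_port"]))
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE):
        print("review: %s pid=%d %s -> %s:%d" % f)
```

A finding here is a prompt for investigation, not proof of infection, since these processes can have legitimate network activity that belongs in the baseline.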

So above are some of the reasons why a RAT server doesn't get detected even when all the code is available to Anti-Virus vendors. The next time we meet, we'll discuss how you can protect yourself from a RAT attack.
