RAT (Remote Administration Tool) - IV

Posted by Sharan R On 7:24 AM

Prevention Against A RAT Attack

Now we come to the last part of the RAT (Remote Access Tool) series. So far we have covered how a RAT is created, how attackers hide the presence of a RAT on the victim's PC, and how we can manually detect and act against a RAT if our anti-virus program or security suite fails to detect it. In this part we'll learn how to avoid falling victim to a RAT attack.

As explained in RAT - II, an attacker takes steps to hide the RAT from anti-virus programs, but you are not foolish enough to click on any suspicious file unnecessarily. So most of the time an attacker uses a Trojan vector to get his RAT server executed on the victim's machine. There are many methods an attacker can use to hide malicious code in some kind of media that carries it to the victim; such media is known as a vector. A vector is responsible for the spreading of viruses, worms and RATs.

A vector may be a simple image file, an executable file, a media file or even a website. So let's look at each one in turn.

Vector Image File: As stated earlier, a RAT file can be very small, only 100-200 KB. But we now prefer high-definition image files, whose resolution usually stays above 1800x1600 with better colour depth, making them 1 MB - 3 MB in size. They can hide 100-200 KB of extra data very easily. If an attacker wants to execute a RAT from a vector image, he appends the RAT to the end of the image file, so that when you click on the image, the image opens without any problem but the appended executable is also invoked, ultimately infecting the victim's computer. The appending is usually done with software that performs binary addition of files without changing their integrity. How the binary addition method works is beyond the scope of this post. Such images are distributed by attackers via torrents and spam. Have you ever found an e-mail in your inbox titled "Nude Pics Of Aishwarya Rai For Free(HD)" or "Katrina Kaif Nude Pics Revealed(HD)"? Fact number one: you always know such pics do not really exist. Fact number two: even if they did exist, they would be fake pics created with photo-editing tools like Adobe Photoshop or GIMP. So why make yourself eager unnecessarily? Keep away from such things; they are tricks attackers use to get you to download high-quality fake images in which they have hidden their dirty stuff.
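The check a defender wants against the appended-payload trick described above, as an added example that is not part of the original post or of any tool it mentions: a small Python script that walks a JPEG's marker segments (or a PNG's chunk list) to find where the image decoder stops, and reports how many bytes trail that logical end. A clean file reports zero; a file with something appended reports the size of the appendage. It goes slightly beyond the post by handling PNG as well as JPEG. The sample JPEG, PNG and appended blob are constructed inline for the demonstration (the PNG's IHDR CRC is a dummy value and CRCs are not validated); the function names are this example's own.

```python
import struct
import sys

JPEG_SOI = b"\xff\xd8"
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def jpeg_logical_end(data: bytes) -> int:
    """Walk JPEG marker segments and return the offset just past the EOI marker."""
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"malformed JPEG: expected marker prefix at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte preceding a marker
            pos += 1
            continue
        if marker == 0xD9:            # EOI: the image decoder stops here
            return pos + 2
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                  # standalone markers carry no length field
            continue
        if pos + 4 > len(data):
            raise ValueError("malformed JPEG: truncated segment header")
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len            # length field counts itself
        if marker == 0xDA:            # SOS: entropy-coded scan data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                # A real marker is 0xFF followed by anything except a stuffed
                # 0x00 or a restart marker (RST0..RST7).
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("malformed JPEG: no EOI marker found")


def png_logical_end(data: bytes) -> int:
    """Walk PNG chunks and return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4         # header + data + CRC (CRC not validated here)
        if ctype == b"IEND":
            return pos
    raise ValueError("malformed PNG: no IEND chunk found")


def trailing_bytes(data: bytes) -> int:
    """Number of bytes after the format's logical end; 0 for a clean image."""
    if data.startswith(JPEG_SOI):
        end = jpeg_logical_end(data)
    elif data.startswith(PNG_SIG):
        end = png_logical_end(data)
    else:
        raise ValueError("unsupported format (only JPEG and PNG handled)")
    return len(data) - end


# --- constructed sample inputs (not real photographs) ---------------------
CLEAN_JPEG = (
    JPEG_SOI
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56"        # scan data with one byte-stuffed 0xFF00
    + b"\xff\xd9"                    # EOI
)
CLEAN_PNG = (
    PNG_SIG
    + struct.pack(">I", 13) + b"IHDR" + b"\x00" * 13 + b"\x00\x00\x00\x00"  # dummy CRC
    + struct.pack(">I", 0) + b"IEND" + b"\xaeB`\x82"
)
APPENDED = b"<constructed-appended-blob>"  # stand-in for whatever was glued on
TAMPERED_JPEG = CLEAN_JPEG + APPENDED
TAMPERED_PNG = CLEAN_PNG + APPENDED


if __name__ == "__main__":
    # Usage: python check_trailing.py image1.jpg image2.png ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        try:
            extra = trailing_bytes(blob)
        except ValueError as err:
            print(f"{path}: {err}")
            continue
        verdict = "clean" if extra == 0 else f"{extra} trailing bytes after image end"
        print(f"{path}: {verdict}")
```

Trailing data is not proof of malice (some cameras and editors leave harmless padding), but a sizeable appendage on a file that arrived by spam or torrent is exactly the signal worth quarantining and inspecting rather than opening.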

Executable File: Many RAT clients by default offer to bind a legitimate executable file with their server code, so that once the victim runs the legitimate file he/she gets infected. These files are usually spread via torrents and Dark Warez sites. Dark Warez sites are those where software is provided together with a key-gen or crack executable; they are also known as pirate sites. Attackers usually bind their files into keygens and crack executables. I don't think I need to mention this, because if you have ever downloaded a file from such a site your anti-virus has probably raised an alarm. Most people disable the anti-virus thinking it is a false alarm, but anti-virus makers are not fools who give you a false alarm on every file downloaded from a Dark Warez site. Those files are actually malicious, and hence we find that most of our college computers are always infected with malware.

Media: Media files, both audio and video, can contain malicious code, and a RAT file wrapped into them is never detected, since we hardly find any reduction or compromise in the quality of the media. People who are always online for movies and music usually fall prey to such infected media files. A better defense is to always keep your media players and Flash player at the newest version.

Websites: Nowadays many web technologies allow a web page to execute ActiveX content on the visitor's PC via the browser. Browsers are pre-configured to run the scripts and scripting languages responsible for executing these ActiveX elements. Sites that use Java drive-by and Flash scripts are more likely to put you in trouble. That's the reason why I usually advise avoiding Flash content on your blog, because it can be exploited very easily. To avoid getting infected by websites that run malicious code on your PC, always keep an eye on notifications, keep the pop-up blocker on, and use a good Internet security suite.
