RATs and Botnet

RATs:


RAT: Remote Administration Tool. A RAT is malware that runs on your computer and gives a hacker access when he wants to steal information from you or install other malicious software. Once a RAT is installed on a system, the hacker has complete control over it and can log keystrokes to capture passwords or steal confidential information.

RATs are usually detected by antivirus software unless they have been crypted or bound to other files. There are legal remote administration tools such as TeamViewer, which help in numerous ways, and there are illegal RATs used for all kinds of malicious activity; some notable ones are ZeuS and Spynet.

A Remote Access Trojan (RAT) is a type of malware that allows hackers to monitor and control your computer or network. But how does a RAT work, why do hackers use them, and how do you avoid them?

RATs Give Hackers Remote Access to Your Computer

If you’ve ever had to call tech support for a PC, then you’re probably familiar with the magic of remote access. When remote access is enabled, authorized computers and servers can control everything that happens on your PC. They can open documents, download software, and even move the cursor around your screen in real time.

A RAT is a type of malware that’s very similar to legitimate remote access programs. The main difference, of course, is that RATs are installed on a computer without a user’s knowledge. Most legitimate remote access programs are made for tech support and file sharing purposes, while RATs are made for spying on, hijacking, or destroying computers.

Like most malware, RATs piggyback on legitimate-looking files. Hackers can attach a RAT to a document in an email, or within a large software package, like a video game. Advertisements and nefarious webpages can also contain RATs, but most browsers prevent automatic downloads from websites or notify you when a site is unsafe.

Unlike some malware and viruses, it can be difficult to tell when you’ve downloaded a RAT. Generally speaking, a RAT won’t slow down your computer, and hackers won’t always give themselves away by deleting your files or rolling your cursor around the screen. In some cases, users are infected by a RAT for years without noticing anything wrong. But why are RATs so secretive? And how are they useful to hackers?

RATs Work Best When They Go Unnoticed

Most computer viruses are made for a singular purpose. Keyloggers automatically record everything that you type, ransomware restricts access to your computer or its files until you pay a fee, and adware dumps dubious ads onto your computer for profit.

But RATs are special. They give hackers complete, anonymous control over infected computers. As you can imagine, a hacker with a RAT can do just about anything — as long as their target doesn’t smell a RAT.

In most cases, RATs are used like spyware. A money-hungry (or downright creepy) hacker can use a RAT to obtain keystrokes and files from an infected computer. These keystrokes and files could contain bank information, passwords, sensitive photos, or private conversations. Additionally, hackers can use RATs to activate a computer’s webcam or microphone discreetly. The idea of being spied on by some anonymous nerd is pretty upsetting, but it’s a mild offense compared to what some hackers do with RATs.

Since RATs give hackers administrative access to infected computers, they’re free to alter or download any files on a whim. That means a hacker with a RAT can wipe your hard drive, download illegal content from the internet through your computer, or place additional malware onto your computer. Hackers can also control your computer remotely to perform embarrassing or illegal actions online in your name or use your home network as a proxy server to commit crimes anonymously.

A hacker can also use a RAT to take control of a home network and create a botnet. Essentially, a botnet allows a hacker to utilize your computer resources for super nerdy (and often illegal) tasks, like DDOS attacks, Bitcoin mining, file hosting, and torrenting. Sometimes, this technique is utilized by hacker groups for the sake of cyber crime and cyber warfare. A botnet that’s comprised of thousands of computers can produce a lot of Bitcoin, or take down large networks (or even an entire country) through DDOS attacks.

Don’t Worry; RATs are Easy to Avoid

If you want to avoid RATs, then don’t download files from sources that you can’t trust. You shouldn’t open email attachments from strangers (or potential employers), you shouldn’t download games or software from funky websites, and you shouldn’t torrent files unless they’re from a reliable source. Keep your browser and operating system up-to-date with security patches, too.

Of course, you should also enable your anti-virus software. Windows Defender is included with your PC (and it’s honestly a great anti-virus software), but if you feel the need for some extra security, then you can download a commercial anti-virus software like or Malwarebytes.

Use Anti-Virus to Find and Exterminate RATs

There’s an overwhelmingly good chance that your computer isn’t infected by a RAT. If you haven’t noticed any weird activity on your computer or had your identity stolen recently, then you’re probably safe. That being said, it doesn’t hurt to check your computer for RATs every once in a while.

Since most hackers use well-known RATs (instead of developing their own), anti-virus software is the best (and easiest) way to find and remove RATs from your computer. or Malwarebytes have an extensive, ever-expanding database of RATs, so you don’t have to worry about your anti-virus software being out of date or half baked.

If you’ve run anti-virus, but you’re still paranoid that there’s a RAT on your PC, then you could always format your computer. This is a drastic measure but has a 100% success rate — outside of exotic, highly specialized malware that can burrow into your computer’s UEFI firmware. New RATs that can’t be detected by anti-virus software take a lot of time to create, and they’re usually reserved for use on large corporations, famous people, government officials, and millionaires. If anti-virus software doesn’t find any RATs, then you probably don’t have any RATs.

Botnets:


A botnet is a collection of compromised machines used for (Distributed) Denial of Service (DoS/DDoS) attacks. Think of it as an army of compromised systems used to create havoc.

Botnets are usually controlled over IRC channels and HTTP. Systems are compromised and then used for massive DDoS attacks on websites or to trigger a 0day exploit.
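Because a bot controlled over IRC or HTTP has to keep contacting its controller, that traffic is something a defender can look for in outbound connection logs. The sketch below is an added example, not taken from the sources cited on this page: it flags flows with near-constant check-in intervals or conventional IRC ports. The log format, addresses, function names and thresholds are all assumptions made for illustration.

```python
import statistics
from collections import defaultdict

IRC_PORTS = {6667, 6697}  # conventional IRC and IRC-over-TLS ports
# Constructed sample log: "<epoch_seconds> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.10 80
1013 10.0.0.7 198.51.100.20 443
1015 10.0.0.7 198.51.100.20 443
1060 10.0.0.5 203.0.113.10 80
1100 10.0.0.9 192.0.2.50 6667
1121 10.0.0.5 203.0.113.10 80
1180 10.0.0.5 203.0.113.10 80
1190 10.0.0.7 198.51.100.20 443
1192 10.0.0.7 198.51.100.20 443
1241 10.0.0.5 203.0.113.10 80
1500 10.0.0.7 198.51.100.20 443
truncated-line
"""

def parse(log):
    """Group connection timestamps by (src, dst, port); skip malformed lines."""
    flows = defaultdict(list)
    for line in log.splitlines():
        try:
            ts, src, dst, port = line.split()
            flows[(src, dst, int(port))].append(float(ts))
        except ValueError:
            continue
    return flows

def find_suspects(log, min_gaps=4, max_cv=0.1):
    """Flag flows with near-constant intervals (beaconing) or IRC ports."""
    suspects = {}
    for key, times in parse(log).items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        reasons = []
        if len(gaps) >= min_gaps and statistics.mean(gaps) > 0:
            # Low coefficient of variation means machine-like regularity.
            if statistics.pstdev(gaps) / statistics.mean(gaps) <= max_cv:
                reasons.append("periodic")
        if key[2] in IRC_PORTS:
            reasons.append("irc-port")
        if reasons:
            suspects[key] = reasons
    return suspects

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

Legitimate software such as update checkers also polls on a fixed schedule, so a hit here is a lead for investigation rather than proof of infection.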

What is a botnet?

Written by a NortonLifeLock employee

The Internet is filled with threats to online security. Many of these threats are just productive, positive technologies turned to evil use. The botnet is an example of using good technologies for bad intentions. A botnet is nothing more than a string of connected computers coordinated together to perform a task. That can be maintaining a chatroom, or it can be taking control of your computer. Botnets are just one of the many perils out there on the Internet. Here’s how they work and how you can protect yourself.

Botnets are the workhorses of the Internet. They’re connected computers performing a number of repetitive tasks to keep websites going. They’re most often used in connection with Internet Relay Chat. These types of botnets are entirely legal and even beneficial to maintaining a smooth user experience on the Internet.

What you need to be careful of are the illegal and malicious botnets. What happens is that botnets gain access to your machine through some piece of malicious coding. In some cases, your machine is directly hacked, while other times what is known as a “spider” (a program that crawls the Internet looking for holes in security to exploit) does the hacking automatically.

More often than not, what botnets are looking to do is to add your computer to their web. That usually happens through a drive-by download or fooling you into installing a Trojan horse on your computer. Once the software is downloaded, the botnet will now contact its master computer and let it know that everything is ready to go. Now your computer, phone or tablet is entirely under the control of the person who created the botnet.

Once the botnet’s owner is in control of your computer, they usually use your machine to carry out other nefarious tasks. Common tasks executed by botnets include:

  • Using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
  • Emailing spam out to millions of Internet users.
  • Generating fake Internet traffic on a third-party website for financial gain.
  • Replacing banner ads in your web browser specifically targeted at you.
  • Pop-up ads designed to get you to pay for the removal of the botnet through a phony anti-spyware package.

The short answer is that a botnet is hijacking your computer to do what botnets do — carry out mundane tasks — faster and better.

How to Protect Yourself From Botnets

Most people who are infected with botnets aren’t even aware that their computer’s security has become compromised. However, taking simple, common-sense precautions when using the Internet can not only remove botnets that have been installed, it can also prevent them from being installed on your computer, tablet and phone in the first place.

  • Good security begins with an Internet security suite that detects malware that has been installed, removes what’s present on your machine and prevents future attacks.
  • Always update your computer’s operating system as early as possible. Hackers often utilize known flaws in operating system security to install botnets. You can even set your computer to install updates automatically.
  • The same is true of applications on your computer, phone and tablet. Once weaknesses are found and announced by software companies, hackers rush to create programs to exploit those weaknesses.
  • Don’t download attachments or click on links from email addresses you don’t recognize. This is one of the most common vectors for all forms of malware.
  • Use a firewall when browsing the Internet. This is easy to do with Mac computers, as they come with Firewall software pre-installed. If you’re using a Windows-based machine, you might need to install third-party software.
  • Don’t visit websites that are known distributors of malware. One of the things that a full-service Internet security suite can do is warn you when you’re visiting such sites. When in doubt, check with Norton Safe Web.

In general, hackers tend to look for low-hanging fruit. If you can mount even basic defenses, botnets and other forms of malware are going to look for easier targets.

Sources:
What is RAT Malware, and Why Is It So Dangerous? (howtogeek.com)
Introduction to Botnets and RATs : Part 1 « Null Byte :: WonderHowTo
What is a Botnet? (norton.com)
