Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Remote Administration Trojan's
Post: #1


The Remote Administration Trojans, also known as RATs are the most popular type of Trojans today. This type of Trojan allows the creator or who ever is using it to gain access to victims are there and perform many functions on their computer. These RATs are very easy to use, coming in a package of two files a server file and a client file. If you can get a chance to run the server file, resulting in obtaining his/her IP address, you will gain full control over their computer. These Trojans can also be bind into other programs which seem to be justifiable.

Remote Administration Trojans in a general sense open a port on your computer and themselves to it. What they are really doing is making the server file listen to incoming connections and data come through these ports. Once some one runs their clime program and enters the victims IP address, the Trojan starts receiving commands from the attacker and runs them on the victim's computer.

The most common non-viral malware which acts as a virus and infects information is said to be a Trojan horse. The Trojan horse bears the name of some standard program.

A Trojan horse could be either:
1. An unauthorized instruction contained with in a legitimate program. These instructions perform functions unknown to the user.
2. A legitimate program that has been altered by the placement of unauthorized instructions within it.
3. Any program that appears to perform a desirable and function but that (because of unauthorized instructions with in it) performs functions unknown to the user.
These all instructions are unwanted to the user.

Under a restricted environment, (a restricted UNIX shell or a restricted Windows computer) malicious Trojans can't do much, since they are restricted in their actions. But on an ordinary PC, Trojans can be lethal and quite destructive.

Most windows Trojans hide from the Alt+Ctrl+Del menu. (We haven't seen any program that had the ability to hide itself from the processes list yet, but you can know-one day some one might discover a way to do so.) This is bad because there are people who use the task list to see which process are running .There are programs that will tell us exactly what process are running on your computer.

Also some Trojans might simply open an FTP server on your computer (usually NOT PORT 21, the default FTP port, in order to be less noticeable). The FTP server is, of course passworded, or has a password which the attacker has determined, and allows the attacker to download, upload and execute files quickly and easily.
Post: #2
Refer this pdf for further details :
Post: #3
More Info About Remote Administration Trojan's
Post: #4
Thumbs Up 
Remote Administration Trojans (RATs)

Remote Administration Trojans (RATs) are malicious pieces of code often embedded in legitimate programs through RAT-fiction procedures . They are stealthily planted and help gain access of victim machines, through patches, games, E-mail attachments, or even in legitimate-looking binaries . Once installed, RATs perform their unexpected or even unauthorized operations and use an array of techniques to hide their traces to remain invisible and stay on victim systems for the long haul. For instance, RAT-ified versions of programs UNIX ps and Windows taskmgr.exe keep RATs from appearing in the list of active processes; moreover, by modifying system configurations including the boot-scripts and the Registry database, RAT-binaries often survive system reboots or crashes. A typical RAT consists of a server component running ∗Correspondence to: Zhongqiang Chen Contract/grant sponsor: European Social Funds and National Resources Pythagoras Grant & Univ. of Athens Research Foundation; contract/grant number: - ZHONGQIANG CHEN, PETER WEI AND ALEX DELIS on a victim machine and a client program acting as the interface between the server and the attacker. The client establishes communications with its corresponding server as soon as the IP address and port of the latter become available through feedback channels such as Email, Instant Messaging and/or Web access . While interacting with a RAT server, an attacker can record keystrokes, intercept passwords, manipulate file systems, and usurp resources of victim systems. By continually changing their name, location, size, and behavior, or employing information encryption, port hopping and message tunneling for its communications, RATs may elude the detection of security protection systems such as firewalls, anti-virus systems (AVs), and intrusion detection/prevention systems (IDSs/IPSs). Once bound to legitimate programs, RATs in execution inherit a victim’s privileges and raise havoc; moreover, they launch attacks against other systems purporting themselves to be super users. RATs provide the ideal mechanism for propagating malware including viruses, worms, backdoors, and spyware. The number of RATs has been steadily increasing from in to in and their update rates are also impressive; just Sub Seven delivered versions in alone. The number of RAT infected machines is staggering: in % of security incidents in Korea were Trojan inflicted mostly by Back Orifice (BO) and in % of intrusions in Israel were due to Net Bus and BO. Pest Patrol reports that roughly % of all incidents are attributed to RATs. Compromised machines are often used as spring-boards for distributed denial of service attacks, further exacerbating the problem. The best option for avoiding RATs is to verify every piece of software before installation using a-priori known program signatures . This, however, becomes impractical as a comprehensive database of known program signatures is unavailable and RATs are frequently delivered via multiple channels such as patches, attachments, file sharing, or simply Web-site accessing. The polymorphic nature and parasitic mechanisms of RATs render their identification a challenge even if we seek specific and known types of Trojans . Host- and network-based techniques have been widely employed by firewalls, AVs and IDSs/IPSs to detect and block RATs . Static fingerprinting is the predominant method in host-based RAT detection where unique facets of Trojans are extracted to establish a Trojan Database, which entails file names, sizes, locations, checksums, and special patterns in RATs . By periodically scanning every file in a system and matching fingerprints against those in the established database, RATs can be revealed. In addition, monitoring the access of files in the startup folder, registries, auto start files, and configuration scripts of a system is another popular host-based technique that helps identify suspicious activities. Network-based methods follow a different philosophy as they examine both the status and activity on TCP/UDP ports to determine any deviation from expected network usage. Abnormal behavior and/or malformed network messages can be detected by monitoring port access patterns and/or analyzing protocol headers of packets exchanged among systems. Similar to host-based methods, unique RAT-manifested telltale patterns in network communications are exploited as signatures to distinguish malicious traffic . Clearly, the RAT detection accuracy of host- and network-based methods depends on the quality of the Trojan database and signatures used; the latter can be easily obfuscated by attackers using an array of evasion techniques. In this paper, we propose a comprehensive framework for detecting and dealing with known Rats which employs network-based detection methods and operates in inline mode to inspect and manipulate every passing packet in real-time. Our objective is to enhance the reliability and accuracy of the detection process in comparison with existing anti-Trojan options. To track suspicious RAT activities, our framework monitors network sessions established by both potential Trojans and normal applications, records and maintains state information for their entire lifetime; furthermore, this information is archived even after a session has terminated in order to conduct stateful inspection, intra-session data fusion, and inter-session correlation.

Post: #5
Rajeev Kumar

 Remote administration trojans are the malicious pieces of code often embedded in legitimate progam performing the functions which the users don’t want to perform.
 RATs generally resemble the program that the user wishes to run.
 It is used to connect and manage multiple computers remotely.
 Trojan horses are named after the Greek’s gifting a huge wooden horse to the Troy that housed the soldiers who emerged in the night and attacked the city.As it is remotely administrated so it has been named as RATs.
 RATs work as client-server pairs.server resides on the infected machine and client resides elsewhere across the network.
 Using standard TCP/IP protocols,the client sends instructions to the server and the server does what it is told to do on the infected computer.
 RATs install themselves and starts showing their effects.
 RATs can generally do the following:-
 Download,upload,delete and rename files
 Format drives
 Open CD-ROM tray
 Drop viruses and worms
 Log keystrokes
 Hack passwords,credit card no.
 Print text,play sound.

Important Note..!

If you are not satisfied with above reply ,..Please


So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page
Popular Searches: hospice fedora project administration, ppt on remote administration using mobile, remote, enable remote administration, kode remote ac fujiaire, seminar on remote administration, jobsearch naukri administration,

Quick Reply
Type your reply to this message here.

Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Parallel Computing In Remote Sensing Data Processing computer science crazy 4 4,090 01-03-2012 09:32 AM
Last Post: seminar paper
  PARALLEL COMPUTING IN REMOTE SENSING DATA PROCESSING seminar projects crazy 1 2,363 24-02-2012 11:40 AM
Last Post: seminar paper
  remote media immersion poorva 4 3,274 09-05-2011 03:56 PM
Last Post: seminar class
Last Post: seminar class
  Beating a Virus, and the (Trojan) Horse It Rode In On seminar class 0 870 16-03-2011 03:39 PM
Last Post: seminar class
  REMOTE SLEEP MONITORING AND MEDICAL ALARM SYSTEM seminar class 0 1,145 01-03-2011 03:49 PM
Last Post: seminar class
  Remote Procedure Call seminar class 0 761 16-02-2011 04:58 PM
Last Post: seminar class
  Analysis of network management of remote network elements project report helper 0 691 18-10-2010 05:05 PM
Last Post: project report helper
  GSM BASED ONLINE VEHICLE TRACKING WITH REMOTE LOCKING seminar surveyer 0 1,312 07-10-2010 10:20 AM
Last Post: seminar surveyer
  Remote Laboratory seminar surveyer 0 560 02-10-2010 11:26 AM
Last Post: seminar surveyer